last executing test programs:

8m44.696971454s ago: executing program 32 (id=1181):
r0 = syz_open_dev$vim2m(&(0x7f0000000280), 0x8, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, 0x0)
ppoll(&(0x7f0000000300)=[{r0, 0x2007}], 0x1, 0x0, 0x0, 0x0)

6m11.179284374s ago: executing program 33 (id=1970):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
syz_emit_ethernet(0xfef3, &(0x7f0000000200)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x64, 0x11, 0x0, @remote, @local, {[], {0x4e20, 0xe22, 0x64, 0x0, @wg=@response={0x2, 0x1, 0x100004, "628e0960f6d6d3f6ee6d6b84b345dccac643e7df3e526ff07833b291322d4a74", "882ed6741e7632daeaec0c95f2ad1cd6", {"8fb3d9fd3efe8e4ea8b5ec7448ddd6a3", "215990e1b896120966af96b22cf049f0"}}}}}}}}, 0x0)

4m57.8301139s ago: executing program 34 (id=2433):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), r0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100265e14c73f5ddeca2b0000000800090008000000180001801400020064756d6d7930"], 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4044014)

4m39.360505014s ago: executing program 35 (id=2503):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000100)={0xffffffffffffffff, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000006800010000000000000000000200000000000000060007000800000008000500", @ANYRES32=r1, @ANYBLOB="18000880"], 0x40}}, 0x0)

3m51.404147383s ago: executing program 36 (id=2698):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff})
setsockopt$sock_int(r0, 0x1, 0x2c, &(0x7f0000000100)=0x1, 0x4)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000000c0), 0x4)

3m37.745548541s ago: executing program 8 (id=2847):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
setreuid(0x0, 0xee01)
ioctl$BLKROSET(r0, 0x125d, 0x0)

3m37.050514284s ago: executing program 8 (id=2851):
r0 = socket$kcm(0x11, 0x3, 0x0)
setsockopt$sock_attach_bpf(r0, 0x107, 0xf, &(0x7f0000000000), 0x4)
sendmsg$kcm(r0, &(0x7f00000000c0)={&(0x7f0000000240)=@qipcrtr={0x2a, 0x4, 0x1}, 0x80, &(0x7f0000000500)=[{&(0x7f0000000200)="27031c00160014000000002f1eafacf706e105400000894f00050004ee0b80558ddbba9b3724", 0x26}], 0x1}, 0x4)

3m36.360388473s ago: executing program 8 (id=2855):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x1c, 0x2, 0x3, 0x5, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0)
sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x24, 0x2, 0x3, 0x301, 0x0, 0x0, {0x2}, [@NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x15}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x4040053}, 0x0)

3m35.840056744s ago: executing program 8 (id=2858):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x20044e, &(0x7f0000000340)={[{@minixdf}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

3m34.786148647s ago: executing program 8 (id=2862):
mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xb, 0xc3072, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000400000/0x3000)=nil, 0x3000, 0x2000009, 0x4d032, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0)

3m34.639944613s ago: executing program 6 (id=2863):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000740), 0xffffffffffffffff)
sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="250300000000140001800d"], 0x28}}, 0x0)

3m33.911274492s ago: executing program 8 (id=2866):
mremap(&(0x7f0000000000/0x9000)=nil, 0x600a00, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)

3m33.856839451s ago: executing program 6 (id=2867):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x28, r1, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140)

3m31.959160526s ago: executing program 37 (id=2866):
mremap(&(0x7f0000000000/0x9000)=nil, 0x600a00, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4)

3m31.859042997s ago: executing program 6 (id=2871):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x8, &(0x7f0000000840)=0x7, 0x4)

3m31.370352832s ago: executing program 6 (id=2872):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000180)='./file0\x00', 0x20044e, &(0x7f0000000340)={[{@minixdf}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@stripe}, {@noblock_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x6}}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

3m29.605911356s ago: executing program 6 (id=2876):
unshare(0x22020600)
r0 = timerfd_create(0x0, 0x0)
timerfd_gettime(r0, &(0x7f0000000300))

3m28.659095794s ago: executing program 6 (id=2878):
r0 = syz_open_dev$vim2m(&(0x7f0000000440), 0x8, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x3, 0x2, 0x4})
ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc0405668, &(0x7f0000000100)={0x4, 0x1, 0x2, 0x84000})

3m27.064151035s ago: executing program 38 (id=2878):
r0 = syz_open_dev$vim2m(&(0x7f0000000440), 0x8, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x3, 0x2, 0x4})
ioctl$vim2m_VIDIOC_EXPBUF(r0, 0xc0405668, &(0x7f0000000100)={0x4, 0x1, 0x2, 0x84000})

2m23.332015305s ago: executing program 0 (id=3269):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000001c6a000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @payload={{0xc}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_PAYLOAD_BASE={0x8, 0x2, 0x1, 0x0, 0x2}, @NFTA_PAYLOAD_OFFSET={0x8}]}}}]}]}], {0x14}}, 0x7c}}, 0x20080)

2m22.864258168s ago: executing program 0 (id=3272):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
setsockopt$sock_int(r0, 0x1, 0x23, &(0x7f0000000040)=0x8, 0x4)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000000)=0xfffff000, 0x4)

2m22.261319196s ago: executing program 0 (id=3287):
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x200000c0, 0xffffffff, 0xfffffff8}, 0x10)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=@ipv4_newroute={0x24, 0x1a, 0x1, 0x0, 0x0, {0x2, 0x20, 0x20}, [@RTA_UID={0x8}]}, 0x24}}, 0x0)

2m21.732643811s ago: executing program 0 (id=3280):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x2004000, &(0x7f0000000040), 0xfe, 0x563, &(0x7f00000007c0)="$eJzs3c9rHFUcAPDvbHbbpK02BSnoQQI9WKndtIk/KnioR9FiQe91SaahZNMt2U1pYsH2oBcvUgQRC+If4N1j8R/wryhooUgJevASmWQ22Ta7m1/bZHU/H5j2vZnZefPmzXv5vp1dNoCBNZb9U4h4OSK+SSKOt2wrRr5xbG2/5Se3p7IliZWVT/5MIsnXNfdP8v+PNjPFiF+/jDhT2FxufXFptlKtpvN5frwxd2O8vrh09tpcZSadSa9PTE5eeGty4t133u5ZXV+//Pf3Hz/44MLXp5a/+/nRiXtJXIxj+bbWeuzBndbMWIzl16QUF5/Z8XwPCusnyUGfALsylPfzUmRjwPEYyns98P/3RUSsAANpJBL9HwZUMw5ozu035sHDBxiV7J/H769NgDbXv7j23kgMr86NjiwnT82MsvnuaA/Kz8r45Y/797Ilevc+BMCW7tyNiHPF4ubxL8nHv907t419ni3D+Af750EW/7zRLv4prMc/0Sb+Odqm7+7G1v2/8KgHxXSUxX/vtY1/1x9ajQ7luRciRkajlFy9Vk2zse3FiDgdpcNZvtvznAvLD1c6bWuN/7IlK78ZC+bn8ah4+OnXTFcalb3UudXjuxGvtI1/k/X2T9q0f3Y9Lm+zjJPp/Vc7bdu6/s/Xyk8Rr7Vt/40nWkn355Pjq/fDePOu2Oyvr07+1qn8g65/1v5Hutd/NGl9XlvfeRk/Dv+Tdtq22/v/UPLpavpQvu5WpdGYPx9xKPlo8/qJjdc28839s/qfPtV9/Gt3/49ExGfbrH+3mXQ/tP/0jtp/54mHH37+Q6fy8/qXomv7v7maOp2v2c74t90T3Mu1AwAAAAAAgH5TiIhjkRTK6+lCoVxe+3zHS3GkUK3VG2eu1hauT8fqd2VHo1RoPuk+vpZPmp9/GG3JTzyTn4yIExHx7dDIar48VatOH3TlAQAAAAAAAAAAAAAAAAAAoE8c7fD9/8zvQwd9dsBz5ye/YXBt2f978UtPQF/a7d//+R6fB7D/xP8wuPR/GFz6Pwwu/R8Gl/4Pg0v/h8Gl/wMAAAAAAAAAAAAAAAAAAAAAAAAAAEBPXb50KVtWlp/cnsry0zcXF2ZrN89Op/XZ8tzCVHmqNn+jPFOrzVTT8lRtbqvjVWu1G+cnYuHWeCOtN8bri0tX5moL1xtXrs1VZtIraWlfagUAAAAAAAAAAAAAAAAAAAD/LfXFpdlKtZrOS/RzYvg5HfnO3o9T7IfrI7HjRBLd9znokQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANvwbAAD//+f9MzI=")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0)

2m20.727827205s ago: executing program 0 (id=3290):
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/\x00et/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44\x8cm\xa0\x8dN\xd4\xa2\x88\x00\xd1l,'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fstat(r0, &(0x7f0000000b80))

2m16.478976253s ago: executing program 0 (id=3314):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8501, 0x0)
io_setup(0x3, &(0x7f0000000140)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000100)=[&(0x7f0000000200)={0x0, 0x0, 0x20, 0x7, 0x0, r0, 0x0, 0x0, 0x446, 0x0, 0x2}])

2m14.667285921s ago: executing program 39 (id=3314):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x8501, 0x0)
io_setup(0x3, &(0x7f0000000140)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000100)=[&(0x7f0000000200)={0x0, 0x0, 0x20, 0x7, 0x0, r0, 0x0, 0x0, 0x446, 0x0, 0x2}])

1m46.876721918s ago: executing program 5 (id=3495):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000ac0), r0)
sendmsg$IEEE802154_LLSEC_SETPARAMS(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f00000003c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r1, @ANYBLOB="05000000000000000000220000000a000100774fb70a9930"], 0x20}}, 0x2000c094)

1m46.269688752s ago: executing program 5 (id=3502):
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00'], 0x43, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=")
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0))
rename(&(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

1m45.315624158s ago: executing program 5 (id=3507):
syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000400)='./file0\x00', 0x94, &(0x7f0000003280)=ANY=[@ANYBLOB="0001def4774774366f0b8a20db13db64e85fc9322c3fe018b91ff1291b4f4c56de7e4543f49818e1307d98d09daa1e2a7dbf88003e9401dc73aad0b7dbb5685565c7825ba8340621faeae92abed19c524ab06c4303258d253722e159642af447aeb096c6a26d345d82f2925163331b0e9157441a9c61dd1051d3b970f9ac12f5975cf1ad4e45acef1a54921c492a77bcb1858b68758ed339608b8e43c733219f1f9e0b867840f821e03bc0e8a497c4d5dde436000090a397637dedb2f3"], 0x1, 0xd99, &(0x7f0000006900)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDtn7v2fe88587hz575OAkZWY+1xcXG6SuntW29dvDcz/r/VKTOtHLNrj+N5bCml1GzNl9JkWN7SxHr62SfXLrWnn+e0ShdSlarW9PTs3da8R1JK19Nsup0m03Mfn7z50gfPLL934saJi2/M3dmZ1gMAwGi596N3f/m3x3947fj/f39mKU20ppft86U8fjRv9y9V6+M5af0PqNrSqm28OBDyjeehEfKNdcjXXk4z5BvvUv6BsNxml3wTNeWPtU3r1G4YZhv/46vG/KbxRmN+fv0/+aoPxw5U869cWX7h6oAqCmy7T2fyLj6DwTByw8qxQa+BANbF44b3uR73LDyY1tLGeyv/7tONzvPDNtjtz7/yh6v8d29Y47B99uunqbSrfI+O5vF4HGE8zNfv978sLx6PaPZYz27HEYbl+EK3eo7tcj22qlv94+div/paTsvrcCbE278/8T0dlvcY6Oye/f8Gw8gOK4NeAQF7VjxvbiUr8XheX4xP1MQP1sQP1cQP18SP1MRhlP3h1d+mm9XG//z4n77f/WFlP9tDOf1Sn/WJ+yP7LT+e99uvBy0/nk8Me9rcf09/+uvbf4/n/38ezv8/m39LJ/MKouwvjPvVW+f+hwuDG13yPRyq81CH/GvPpzbnq6Y2lpPa1jP31WN683zHuuU7vTnfZMh3OG+LHAz1jdsnh8N8ZfujrFfL6zUe2tsM7TgQ6lHemeM5PRjac7xbu8KO7AMhXzMPJ0K7pkK7HgnzfTm0q5re3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38np+zn9qEO5o6h8Hrud/18+n9OpWb1wZfnyE3m8fE7vjDUnVqef3+V6Aw+u1+t/ptPm63+OtqY3G+3rhWMb06v29cJkmH6hy/Qn83j5Pfvp2KG16fOXfr78k+1uPIy4q6+9/rPnl5cv/8oTTzzxpPVk0GsmYKctvPryLxauvvb6uSsvP//i5Rcvv3L+ie9/78mnnlpcWNuqX2jftgf2l40f/UHXBAAAAAAAAAAAAOhZdajz5JzW3d+2XE9erk+P18czHMr7Vj4N5T4G5frPbvd1KddvHt+FOrL9duNyokG3Eejs3+7/azCM7LCy4i7+wN4w6P7/yn0PS3r03D+Prw4l292nN68v4/0L4UHs9f7nlL+/+v9r9X/V8/ov9Jg1ubVy/3jv0D/aik2nei0/tr/cB3aqv/L/lMsvrXks9Vb+yu9C+fFGpT36cyj/cI/l39f+01sr/y+5/PKyzZ3ttfz1GleNzfWI+43LfQDjfuPir6H95d5+fbd/ix213crlwygbln4m+zUs/X92U5Zb1oN59dw6Tlfuvx37O+i3/uW+3+V34JGw/Krm903/n8Otrv/P8vlb0P8n7DsfOv5nMIzssLKyMtCuT0a135W9YtCv/6C3IQdd/qBf/zqx/8/4fyn2/xnjsf/PGI/9f8Z47F8rxmP/n/H1jP1/xvjJsNzYP+h0TfwrNfFTNfGv1sRP18Tj/7cYn62Jn6mJz9TEH66JP1oTP1sT/0ZN/LGa+OM18bma+H739ZyOavthlMV+I33/YXSU4z/dvv9TNXFgeMV+neP3+5s1cWB4lfM8fL9hBFWd79gR97eX/bhv5vSdnL6f0492rILshm/l9Ns5/U5Ov5vTczmdz+lCTvUNOdx+869TZ25WG+f5HQvxXs8njdcDxPvEnO+xPvH4XL/ns57ssZydKn+Ll4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI3G2uPi4nSV0tu33rr4n6kf/Hh1ykwrx+za43geW0opNVNKVR4fD8u7PrGefvbJtUud0ipdWHss4+nZu615j6zOn2bT7TSZnvv45M2XPnhm+b0TN05cfGPuzs60HgAAAEbDFwEAAP//ManlwQ==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086e81, 0x0)

1m44.149623118s ago: executing program 5 (id=3528):
r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0)
r1 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
copy_file_range(r1, 0x0, r0, 0x0, 0x80, 0x0)

1m43.660602132s ago: executing program 5 (id=3521):
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10)
symlink(&(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000800)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

1m43.099675194s ago: executing program 5 (id=3526):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x38, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x14, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x80}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x38}}, 0x0)

1m27.873102599s ago: executing program 40 (id=3526):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x38, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x14, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x80}, {0x5, 0x3, 0x2}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x3}]}, 0x38}}, 0x0)

53.033653019s ago: executing program 9 (id=3840):
unshare(0x22020400)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$PROG_BIND_MAP(0x23, &(0x7f00000000c0)={r0, 0x1}, 0xc)

52.462888116s ago: executing program 9 (id=3845):
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000000), 0x10300, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b24, &(0x7f0000000000)={'wlan1\x00'})

52.00381789s ago: executing program 9 (id=3850):
r0 = syz_open_procfs(0x0, &(0x7f0000000140)='net/tcp6\x00')
preadv(r0, &(0x7f0000000280)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1, 0xffffffff, 0x5)
lseek(r0, 0x4, 0x4)

51.005818869s ago: executing program 9 (id=3856):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0xe, &(0x7f00000004c0)={[{@resuid}, {@init_itable}, {@minixdf}, {@noblock_validity}]}, 0x3, 0x451, &(0x7f0000000f80)="$eJzs3M2PU1UbAPDn3k6HlxdwRsQPPtRRNE78mGEAlYULNZq4wMREF7qczAwEKYxhxkQIUTAGV8aYuDcu/Rdc6cYYVyZudW9IiGEDuKq57b1MW9rCdFqq098vuXDOvedyztNzT3vuPS0BjKyp7I8kYntE/B4RE/Vsc4Gp+l/Xr55fuHH1/EIS1erbfyW1cteunl8oihbnbcsz02lE+lkSe9vUu3L23Mn5SmXpTJ6fXT31wezK2XPPnTg1f3zp+NLpg0eOHD409+ILB5/vS5xZm67t+Xh53+433vvqzaNfNMXfEkefTHU7+GS12ufqhmtHQzoZG2JDWJdSRGTdVa6N/4koxVrnTcTrnw61ccBAVavV6rbOhy9UgU0siea8IQ+jovigz+5/i611EvDy4KYfQ3fllfoNUBb39XyrHxmLNC9Tbrm/7aepiHj3wt/fZFsM5jkEAECTH7L5z7Pt5n9pPNBQ7p58bWgyIu6NiJ0RcV9E7IqI+yNqZR+MiIfWWX/rIsmt85/0ck+B3aFs/vdSvrbVPP8rZn8xWcpzO2rxl5NjJypLB/LXZDrKW7L8XJc6fnztty87HWuc/2VbVn8xF8zbcXlsS/M5i/Or8xuJudGVixF7xtrFn9xcCUgiYndE7OmxjhNPf7ev07Hbx99FH9aZqt9GPFXv/wvREn8h6b4+Ofu/qCwdmC2uilv98uultzrVv6H4+yDr//+3vf5vxj+ZNK7Xrqy/jkt/fN7xnqbX6388eaeWHs/3fTS/unpmLmI8OVpvdOP+g2vnFvmifBb/9P72439nrL0SeyMiu4gfjohHIuLRvO2PRcTjEbG/S/w/v/rE+73HP1hZ/Ivr6v+1xHi07mmfKJ386fumSidvif9G9/4/XEtN53vu5P3vTtrV29UMAAAA/z1pRGyPJJ25mU7TmZn69+V3RaSV5ZXVZ44tf3h6sf4bgckop8WTromG56Fz+W19PX8xIupfLSiOH8qfG39d2lrLzywsVxaHHTyMuG0dxn/mz9KwWwcMnN9rwegy/mF0Gf8wuox/GF1txv/WYbQDuPvaff5/MoR2AHdfy/i37AcjxP0/jK6O438z/88/QI3PfxhJK1vj9j+S75oo/qUeT9+0iSj/K5qx8UQ1adu5kQ67YRKDTAz3fQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBf/gkAAP//qmHgTw==")
syz_mount_image$fuse(0x0, &(0x7f0000000200)='./file2\x00', 0x42, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})

50.237461637s ago: executing program 9 (id=3864):
r0 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$SG_IO(r1, 0x2285, &(0x7f0000000040)={0x53, 0xfffffffe, 0x1, 0x0, @buffer={0x2, 0x51, &(0x7f00000000c0)=""/81}, &(0x7f0000000300)="259374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0})

49.712863339s ago: executing program 9 (id=3867):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x18, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0xb, 0x9, 0x0, 0x8}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x7, 0x1, 0xb, 0x6, 0x8, 0x10}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r0}, {}, {0x15, 0x0, 0x0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

48.396005319s ago: executing program 41 (id=3867):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x18, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {0x85, 0x0, 0x0, 0x5}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2}, {0x3, 0x3, 0x3, 0xa, 0x9, 0xfe00}, {0x6, 0x0, 0xb, 0x9, 0x0, 0x8}, {0x3, 0x3, 0x3, 0xa, 0x9}, {0x7, 0x1, 0xb, 0x6, 0x8, 0x10}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r0}, {}, {0x15, 0x0, 0x0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

5.020041589s ago: executing program 2 (id=4126):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x8, 0x3032, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x1f, 0x10, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bf8100000000000007080000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018210000", @ANYRES32=r0, @ANYBLOB="0000000002000000b705000008000000850000002e00000095"], &(0x7f0000000500)='GPL\x00', 0x8, 0x1002, &(0x7f00000017c0)=""/4098, 0x40f00}, 0x94)

4.566775722s ago: executing program 1 (id=4128):
renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, &(0x7f0000000040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x6)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x20)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="6d706f6c3d62690bbe608ae7a8e257d632a80e6e643a302d4e3a332f"])

4.564590586s ago: executing program 2 (id=4129):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f00000000c0)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x6, 0x8, 0xd, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x4}, {0xd, 0x24, 0xf, 0x1, 0x7, 0x4, 0x1, 0x3}, {0x6, 0x24, 0x1a, 0x6, 0x9}}, {{0x9, 0x5, 0x81, 0x3, 0x400, 0xa, 0xfc, 0x2}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x20, 0xbd, 0x8, 0xa}}, {{0x9, 0x5, 0x3, 0x2, 0x40, 0x2, 0x3, 0x3}}}}}}}]}}, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]})

3.961230301s ago: executing program 1 (id=4133):
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x810, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0xfd, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x8, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x24, 0xfc}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000300)={0x2c, &(0x7f0000000000)={0x40, 0x22, 0x8, {0x8, 0xe, "4b966400448e"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

3.685537603s ago: executing program 7 (id=4134):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x20004450)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @dup_ipv6={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_DUP_SREG_ADDR={0x8, 0x1, 0x1, 0x0, 0x17}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0xe}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840)

3.677243674s ago: executing program 3 (id=4135):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DIRECTION={0x5, 0x3, 0x20776f0ef85ae476}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x8}, @NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x9}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000)

3.327184158s ago: executing program 3 (id=4136):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth0_to_team\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="680000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800c0001006d6163766c616e00300002800800010010000000040005800a000400aaaaaaaaaabb000008000300030000000a120400acaaaaaab1aa000008000500", @ANYRES32=r1], 0x68}}, 0x0)

3.1774863s ago: executing program 4 (id=4137):
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000240)=ANY=[@ANYBLOB="e0000002ac1414aa01"], 0x18)

2.910852688s ago: executing program 7 (id=4138):
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
mount$9p_fd(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000001540)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

2.733219947s ago: executing program 3 (id=4139):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2540, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0xe)
ioctl$TIOCSSOFTCAR(r0, 0x541a, 0x0)

2.681434952s ago: executing program 4 (id=4140):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0x40)
setsockopt$inet_mreqsrc(r0, 0x0, 0x25, &(0x7f0000000100)={@multicast2, @loopback, @empty}, 0xc)

2.435544606s ago: executing program 7 (id=4141):
r0 = socket$nl_sock_diag(0x10, 0x3, 0x4)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))
sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000780)={0x5c, 0x12, 0x905, 0x70bd26, 0x25dfdbfd, {0xa, 0x9, 0x4, 0x0, {0x4e24, 0x4e23, [0xfffffffb, 0x924, 0x6, 0x6], [0xfffffffd, 0x5, 0x1, 0x2], 0x0, [0x10000, 0x1000]}, 0x6, 0xffffffff}, [@INET_DIAG_REQ_BYTECODE={0x10, 0x1, "0d6cae4f941032de7bcbf98e"}]}, 0x5c}, 0x1, 0x0, 0x0, 0x26000001}, 0x800)

2.252667362s ago: executing program 3 (id=4142):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SHOW_LINK_STATS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01800000000000000000010000000000004101"], 0x28}}, 0x40000)

2.160360278s ago: executing program 4 (id=4143):
r0 = io_uring_setup(0x6b3, &(0x7f0000000000)={0x0, 0xf322, 0x100, 0x2, 0x213})
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x582, 0x0)
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f00000001c0)=[r1, r0], 0x2)

2.005263609s ago: executing program 7 (id=4144):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])

1.878849121s ago: executing program 3 (id=4145):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000840)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_DELSET={0x2c, 0xb, 0xa, 0x301, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x54}, 0x1, 0x0, 0x0, 0x4000850}, 0x44)

1.835860142s ago: executing program 1 (id=4146):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000180)={0xffffff}, 0x10)
write(r0, &(0x7f0000000000)="240000001a005f0214f9f407000904008100000000030000000000000800040006020000", 0x24)

1.589519124s ago: executing program 4 (id=4147):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x42000, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000002c0)=0xfffffffe)
ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000100)=0xffff0080)

1.451092677s ago: executing program 2 (id=4148):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000003c0)={'batadv_slave_1\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=@delchain={0x24, 0x5f, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0x5, 0x2}, {0x1, 0xe}}}, 0x24}}, 0x0)

1.433750352s ago: executing program 3 (id=4149):
r0 = syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000380)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x46d, 0xc52f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0x1}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000001c0)={0x2c, &(0x7f0000000100)={0x0, 0x3b, 0x12, {0x12, 0xd, "4d8188c146809523edf24a6184323b5f"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

1.318353804s ago: executing program 1 (id=4150):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000010005000500070000000000080009000000000014002000fec00000000000000000e1ffe000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x6c}, 0x0)

1.034453964s ago: executing program 2 (id=4151):
r0 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='source', &(0x7f0000005fc0)='//\xf2/\x06\b/\xdf/o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas^\xef\xa2\x85\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7ul\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcf\xcb\x92\xf1\x83\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='source', &(0x7f0000000240)='//\xf2/\x06\b\xa30\\o\xdc\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas\x9d\x14\xe3\v\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7Gl\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b<M\n\xc0`[\x82\xf6$\xa4\xbe\x1e\xd3\xe4\xd9L\x14\xed\xcfK\xcc\xeb,\x1a1\xa6\xf3e\xc2F\xc3\x00\xaa\xd5\xfc\x1bR\xa9\x8c\xb4&\x9f\xa2$\x06\x1a\xb0W#\xf4\xde6\x04c\xc0\xeec\xa0l\xd5d\xe5\xcd\xb2\xc10\x97w\x87\xe5\x06\x91W\rr\xf5\x97%\xe8pO\xeb]\xc2\x98C\xffK\xa0\xb3\\\x99{\xcdR\x92\x94\xf7\x1d\x01Q\x1a\xbd\x15b\x15h\xe2!\x00\xb9z)\x19\x00\xee\xd2)[p`\xb3\x03\xa7p\'X\xec\xcdoX\x05\xff\xff/o\xb2\xad\xb8\x89i@\f\xffS&\x8a\xc9\xfez\xc2\x90\xe7F\xa6\xdb\r\x03j,N\xe1lw\n\xad\xe8\xf0\xbd\xa1\x98\xce\xf9\x1eR\x9cc\xc5ke_\xa7\x11\"\x04\xd8.\xa0\x15\x83\xf1\x92\xdby\xe9\xdc@.\xc1g\xc6\fc\xa26\xd8\xdf\xef\xf7\x9c\x1a\xcc\x8am\x8b7\xcf\xc5\xa6\xf4\f\xabj%Y\xa9\xdd\x0e9e\xb5\xec\x99@\xd2\t\n\xb1o', 0x0)

977.27234ms ago: executing program 4 (id=4152):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'tunl0\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xe}, {0xffff, 0xffff}, {0x0, 0xe}}, [@qdisc_kind_options=@q_mq={0x7}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x1, 0x0, 0x1000, 0x0, 0x2, 0x1}}, {0x4}}]}]}, 0x50}}, 0x4000010)

956.005072ms ago: executing program 1 (id=4153):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x22440, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
fcntl$notify(r0, 0x402, 0x0)

691.041516ms ago: executing program 7 (id=4154):
r0 = add_key$keyring(&(0x7f00000004c0), &(0x7f0000000580)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, &(0x7f0000000200)='asymmetric\x00', &(0x7f00000002c0)=@chain)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r0)

513.483994ms ago: executing program 2 (id=4155):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = memfd_create(&(0x7f0000000240)='-B\xd5NI\xc4\xb5 \xe5\v.j\xf4\x8di\x11\xef\x8bl\xc9\x1e\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xff\x03\x00\x00nh#\xcf)\x1e\xc8\xc0\"\x9cc\x10d\xee\xa9\xab\x06\x97kf\xc7\x820\x80T\r\xde\xc58M\xcd\xfb\xcc\x82n=\x7f=\x8b\x1d\xea\xef\xe3\x00\x00\x03\r\x00\x00\x10\x00@\x00\x00\x00\x00\x00\x00\x00\xcbM\x8a_\xbf\xb59Q\x05\x82E\x12p\xcf\x15@o\xac\x17P;\x11\x93\x97\xb6\xdc\xad\x00C\x87\xc1\xbb\xb2>\xa3 #\xd5T\xdd\x8cn<\xd0$$\x9bo\x03\xdb#(\x03\x00\x00\x00\xe3r%/\xca\xb4\xd1x\xd8\xb0uN\xcf\b%\x00\x00\x00\x00\x00\x00\x00\bUO\x9f(\xe4\xda\x1eLj:\x8av\xd4\xe1\xc2ze\x16\asP\xae&yF.\xe8\xf5\xa2\xdf\x86\xa0t\x05~~\x92U\x1e\x87\xdb\xdfg\x9enz\b\xfaw\xfb*[r\x0e\xcb`\xdf\xa1\x16{<)\x9d\x99h\x00\x10\x02\x00'/302, 0x4)
cachestat(r0, &(0x7f0000000000), 0x0, 0x0)

498.558001ms ago: executing program 4 (id=4156):
syz_mount_image$hfsplus(&(0x7f0000001cc0), &(0x7f00000016c0)='./file0\x00', 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB='umask=00000000000000000000000,decompose,nls=cp932,uid=', @ANYRESHEX=0xee01, @ANYBLOB="2c6e6f626172726965722c0000000000000b9c00000030303030303030c8f71132e94930303030342c00"], 0x20, 0x6de, &(0x7f0000002100)="$eJzs3U9sW3cdAPDvsx0n7qTMG+1WEFKjVVSwQpvEjBYJiYIQymGCSlx2DW26RnWyKslQWiHqAYMjnFAPOwyhcNgJcUAa4oAYZyQk7r1X4sCt4oDRe34vsZ3Esds4abvPR3p+v+f3+/N9X//es/3SygF8ai28FROtSGLh/Jub6faDrUbzwVZjpShHxGRElCIqnVUkqxHJJxFXorPEZ9Mn8+6S/cZ54+HHH5y7/1Gjs1XJl6x+aVC7He0BI7TyJWYiopyvR1TZr79re/R3b6Suk+2404SdLRIHx629S2uU5kOct8DT7l5EeWKP5+sRJyJiKv8cEPnVoXTE4R26ka5yAAAA8HQqH1ThxUfxKDZj+mjCAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgOdD0vnNwCRfSkV5JpL89/+/n1fLVKvHG+4BvnzA/vdvHFEgAAAAAAAAAHD4JnaKZx7Fo9iM6WK7nWR/838t2ziZPb4Q78Z6LMVaXIjNWIyN2Ii1mIuYmO7qs7q5uLGxNre75W8ibdlut+/lLecjor6r5fyYjxkAAAAAAAAAnm8/jYWYPu4gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgWxJR7qyy5WRRrkepEhFTEVFN67Ui/lKUn2V/Pe4AAAAAYPxq+Xo6+V+n0E6y7/yvZN/7p+LdWI2NWI6NaMZSXM/uBXS+9Zf+2Wo0H2w1VtJld8ff+vdIcWQ9RkQ53ttn5NmsxqntFgvx3fhBnI+ZuBprsRw/isXYiKWYiVp6ELEYSdRrnbsX9SLO3njLeVdXekK52h/bmb7t01kktbgRy1lsF+JateitlNVI4nTXaH+qRvRl6L00O8k3c0Pm6HrX6/Xr/L5Mrv3ikH2MRz078ontjMymuc+z8dLeuS+MOE/6R5qL0vY9qJM7o6Sb/SMVOf/hKDk/ka/TXP+iN+eHbcRbaf2ZmI9SPvsiXunN+e0v3H+5t/GX/vW3qzdLq7du3lg/P8ZDGquJotCfiUZXJl4dPPvyTDTTTLSGz8RE/xNTT3Ach6iaZ6NzYRvuavmdrLQYr3VNwXfieizFpZiNubgcs/H1mI9Gzww71ZPXSmOlNyfZuVbafX2rDQj+7Be7Kv3ygMpHK83LS1157b7S1bN9+TNXfhWzXVl6efDse5x3gcrn8kI6xs+233GeBj2ZyK/NRXTFG9Q+mfhtO31cb67eWru5eHvI8c7l6/S0fb/32vy7Jz6YJ5LOl/SKW8m2spzUivmS7vvMdrS9+armf3HptCvt2ndqe189pmM5vrfvmVrNP8Pt7qmz79U99zWyfae79vV8yol3opl9CukzczRZBWBoJ14/Ua09rP2j9mHt57WbtTenvj15efLz1Zj4e+XP5T+Ufl/6RvJ6fBg/ienjjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ4H63fu3lpsNpfWxlioPuZYUTqwztYLw3UY9YjBYyV5oTrubDwFhf9MDcxGLcY0+h8jYkCd6hMPkYx/PqcT+VA6LH44LXumXR6heaVotXedSqxP7fcKTu687lG/tdj8b7unTi26ThngOXdxY+X2xfU7d7+yvLL49tLbS6vzly9dvtT42txXL95Ybi7Ndh6PO0pgHNbv3C0fdwwAAAAAAAAAAADAaPJ//b/x2P+ZoXJAnera+t4jnznqQwUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeUQtvxUQrkpibvTCbbj/YajTTpSjv1KxERCkikh9HJJ9EXInOEvWu7pL9xnnj4ccfnLv/UWOnr0pRvzSo3XBa+RIzEVHO1web3KOb3f1d6+qv9VjhJdtHmCbsbJE4OG7/DwAA//9tSfWT")
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802052, 0x0, 0xfc, 0x0, &(0x7f00000001c0))
rmdir(&(0x7f00000000c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00')

471.005526ms ago: executing program 1 (id=4157):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r0, &(0x7f0000000140)="5c000000010006", 0x7)

192.659701ms ago: executing program 7 (id=4158):
syz_mount_image$hfsplus(&(0x7f0000000480), &(0x7f0000000640)='./file1\x00', 0x1008000, &(0x7f0000000300)=ANY=[@ANYBLOB="000075b8b62e943fefae1913e055b8852885f3200b41a4a7e940141a3e9a708cfa000f58442c767bb8bac7e75a49ac5762e52f7f3bf6909e28d3468821124bce8d75bf8584dedd275c45e85bfa22d157b6d5ac4e569df05173d6ff9d8ed3bdf95c41f60f6a1b456842fecd0f09b6ab9136de2336b349cfe9cd308933da9b574e4f040f"], 0x1, 0x616, &(0x7f0000002600)="$eJzs3cFvHFcdB/Dvbhxn14jUcZM2oEpYRUIIi2RtSyRBSEApyEIVqsSBs0WcxMomrewtcnsAgzhUnPonlIP/AcSxSDnQHuHUs1GPSJzxzWhmZ9dre7Edx7XXyecjzb735s28+c1vZ9Yzu7ImwAtrYSZjT1LLwsxba0V7c2O+vbkx/6hXT3IpST1pJKkVs/+a5ItkPd0pX+t1DJT7fP5J4/5nH336YbfVqKZy+dpB6+3XHDKvH8tkN9ayfAa7xps7ZLzGocPt3sOpJNPPFh+cjO2efw3tforzEgA4b2rJhWHzJ5OJ6hq3uA/oXhV3r7HPtfWzDgAAAABOwUtb2cpaLp91HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCeVM//r1VTvVefTq33/P/xal6q+nnRHDbzyenHAQAAAAAAAADHMXFQ5ze2spW1XO61t2vlb/6vl42r5etX8l5Ws5SV3MhaFtNJJyuZTTI5MND42mKnszJ7hDXnhq4512+PndB+AwAAAAAAAMDz7s7Aj+x/yMLO7/8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAKasmFblFOV3v1ydTHkjSSjBfLrSf/7NXPsydnHQAAAACcgpe2spW1XO61t2vlPf8r5X1/I+/lcTpZTiftLOVu+V1A966/vrkx397cmH9UTPvH/fF/egNeOEoY5YjpfvcwfMvXyyWauZflcs6N/DrvpJ27qZdrFq734hmIa31nIytFTLUfVo6YoLtVWez5z6tyNEyWGbnYz0iriq3IxpUhmRjQf3eOt6XZ1Pvf/Fw9eEu/P07OJ6qy2J83q3K78lSBn7i9mZgbOPpeOTgTydSv/nTrQfvxwwf3VmdG5zA6pr2ZmB/IxKubG5eSvCCZaJWZuNZvL+Rn+WVmMp23s5Ll/CaL6WQp03mzrC1W52nxOnnwMfOjXa23D4tkvHpfup+iTxfT6+W6l7OcX+Sd3C3f0VZu5Vbm8r3cSWvXO3xtaNy/652d5Vlf33XWf/Ww4L/57apyMclPq3I0FHm9MpDXwc/cybJvcM5OlqZO/rNx7OtVpTh63hi5v0dX9vyV6GXi5YMz8efywFltP3648mDx3SNub6wqiwz8ZF8mjnbd8eUojpepfoS7j46i7+WhfbNl39V+X31f37V+32Fn6nh1Dbd/pLmy79Whfd3Ir3f7mkXvsOstAEbexHcmxpv/bv6j+XHzj80Hzbcab1y6fem18Vz8+8Xvj7UufKv+Wu0v+Ti/3bn/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAjm/1/Q8eLrbbSyujXflv9RS4UYlH5VQr9YxEGC9U5aw/mYAv283Oo3dvrr7/wXeXHy3eX7q/9PhO6/bt2dnZW62b95bbS9XrWUcJAJyk6qJ/e3QeJwwAAAAAAAAAAAAAAOx1Gv9OfNb7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPN8WZjL2JLXMtm60ivbmxny7mHr1nSUbSWpF5W9JvkjW050yOTBc7f9t5/NPGvc/++jTD3fGavSWrx203tH8YGIglvqemI5h177NPfN4O3s4nWSqKuHM/S8AAP//2XgQjQ==")
r0 = creat(&(0x7f0000000080)='./file1\x00', 0x30)
write$cgroup_type(r0, &(0x7f00000009c0), 0xd4ba0ff)

0s ago: executing program 2 (id=4159):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000700), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000240)={0x2c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}]}, 0x2c}}, 0x0)

kernel console output (not intermixed with test programs):

ck 7: comm syz-executor: bad entry in directory: inode out of bounds - offset=4, inode=150994957, rec_len=16, size=60 fake=0
[  853.162999][T12751] EXT4-fs warning (device loop0): empty_inline_dir:1793: bad inline directory (dir #12) - inode 150994957, rec_len 16, name_len 5inline size 60
[  853.216099][T12751] EXT4-fs error (device loop0): ext4_read_inline_dir:1502: inode #12: block 7: comm syz-executor: path /57/file1/file0: bad entry in directory: inode out of bounds - offset=24, inode=150994957, rec_len=16, size=80 fake=0
[  853.246407][T13661] loop2: detected capacity change from 0 to 4096
[  853.259671][T12751] EXT4-fs error (device loop0): ext4_read_inline_dir:1502: inode #12: block 7: comm syz-executor: path /57/file1/file0: bad entry in directory: inode out of bounds - offset=24, inode=150994957, rec_len=16, size=80 fake=0
[  853.281402][    C0] vkms_vblank_simulate: vblank timer overrun
[  853.307385][T12751] EXT4-fs error (device loop0): empty_inline_dir:1786: inode #12: block 7: comm syz-executor: bad entry in directory: inode out of bounds - offset=4, inode=150994957, rec_len=16, size=60 fake=0
[  853.348186][ T5826] Bluetooth: hci0: failed to read key size for handle 201
[  853.358592][ T5826] Bluetooth: hci0: unexpected event for opcode 0x1408
[  853.390137][T12751] EXT4-fs warning (device loop0): empty_inline_dir:1793: bad inline directory (dir #12) - inode 150994957, rec_len 16, name_len 5inline size 60
[  853.425269][T12751] EXT4-fs error (device loop0): ext4_read_inline_dir:1502: inode #12: block 7: comm syz-executor: path /57/file1/file0: bad entry in directory: inode out of bounds - offset=24, inode=150994957, rec_len=16, size=80 fake=0
[  853.471140][T13674] loop4: detected capacity change from 0 to 1024
[  853.488095][T12751] EXT4-fs error (device loop0): ext4_read_inline_dir:1502: inode #12: block 7: comm syz-executor: path /57/file1/file0: bad entry in directory: inode out of bounds - offset=24, inode=150994957, rec_len=16, size=80 fake=0
[  853.526832][T12751] EXT4-fs error (device loop0): empty_inline_dir:1786: inode #12: block 7: comm syz-executor: bad entry in directory: inode out of bounds - offset=4, inode=150994957, rec_len=16, size=60 fake=0
[  853.549447][T13661] ntfs3(loop2): ino=1a, mi_enum_attr
[  853.549591][T13661] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  853.567578][T12751] EXT4-fs warning (device loop0): empty_inline_dir:1793: bad inline directory (dir #12) - inode 150994957, rec_len 16, name_len 5inline size 60
[  853.601793][T12751] EXT4-fs warning (device loop0): empty_inline_dir:1793: bad inline directory (dir #12) - inode 150994957, rec_len 16, name_len 5inline size 60
[  853.608067][T13674] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  853.631850][T12751] EXT4-fs warning (device loop0): empty_inline_dir:1793: bad inline directory (dir #12) - inode 150994957, rec_len 16, name_len 5inline size 60
[  853.650660][T13674] ext4 filesystem being mounted at /714/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  853.666784][T12751] EXT4-fs warning (device loop0): empty_inline_dir:1793: bad inline directory (dir #12) - inode 150994957, rec_len 16, name_len 5inline size 60
[  853.710099][T12751] EXT4-fs warning (device loop0): empty_inline_dir:1793: bad inline directory (dir #12) - inode 150994957, rec_len 16, name_len 5inline size 60
[  853.763951][T12751] EXT4-fs warning (device loop0): empty_inline_dir:1793: bad inline directory (dir #12) - inode 150994957, rec_len 16, name_len 5inline size 60
[  853.793044][T12751] EXT4-fs warning (device loop0): empty_inline_dir:1793: bad inline directory (dir #12) - inode 150994957, rec_len 16, name_len 5inline size 60
[  853.827624][T12751] EXT4-fs warning (device loop0): empty_inline_dir:1793: bad inline directory (dir #12) - inode 150994957, rec_len 16, name_len 5inline size 60
[  854.104532][ T5815] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  854.707204][T13686] loop9: detected capacity change from 0 to 256
[  854.972455][T13686] FAT-fs (loop9): Directory bread(block 64) failed
[  854.979427][T13686] FAT-fs (loop9): Directory bread(block 65) failed
[  854.989018][T13686] FAT-fs (loop9): Directory bread(block 66) failed
[  854.996325][T13686] FAT-fs (loop9): Directory bread(block 67) failed
[  855.000444][T13690] sp0: Synchronizing with TNC
[  855.003274][T13686] FAT-fs (loop9): Directory bread(block 68) failed
[  855.003457][T13686] FAT-fs (loop9): Directory bread(block 69) failed
[  855.003668][T13686] FAT-fs (loop9): Directory bread(block 70) failed
[  855.003771][T13686] FAT-fs (loop9): Directory bread(block 71) failed
[  855.039260][T13686] FAT-fs (loop9): Directory bread(block 72) failed
[  855.048953][T13686] FAT-fs (loop9): Directory bread(block 73) failed
[  856.570641][T13710] digital: digital_start_poll: Unknown protocol
[  856.916977][T12751] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  856.957011][   T12] bond0: (slave netdevsim3): Releasing backup interface
[  856.986661][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  857.141694][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  857.260952][T13720] netdevsim netdevsim4: Firmware load for '../file0' refused, path contains '..' component
[  857.442565][ T5826] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  857.451359][ T5826] Bluetooth: hci0: Injecting HCI hardware error event
[  857.462045][ T5826] Bluetooth: hci0: hardware error 0x00
[  857.496095][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  857.579820][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  857.596374][T13721] blktrace: Concurrent blktraces are not allowed on nbd9
[  857.685881][T13723] loop2: detected capacity change from 0 to 256
[  857.865467][T13723] FAT-fs (loop2): Directory bread(block 64) failed
[  857.875079][T13723] FAT-fs (loop2): Directory bread(block 65) failed
[  857.875181][   T12] bridge_slave_1: left allmulticast mode
[  857.881969][T13723] FAT-fs (loop2): Directory bread(block 66) failed
[  857.887617][   T12] bridge_slave_1: left promiscuous mode
[  857.888459][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  857.894540][T13723] FAT-fs (loop2): Directory bread(block 67) failed
[  857.917111][T13723] FAT-fs (loop2): Directory bread(block 68) failed
[  857.924034][T13723] FAT-fs (loop2): Directory bread(block 69) failed
[  857.931189][T13723] FAT-fs (loop2): Directory bread(block 70) failed
[  857.943300][T13723] FAT-fs (loop2): Directory bread(block 71) failed
[  857.951308][T13723] FAT-fs (loop2): Directory bread(block 72) failed
[  857.958412][T13723] FAT-fs (loop2): Directory bread(block 73) failed
[  857.985844][   T12] bridge_slave_0: left allmulticast mode
[  857.991764][   T12] bridge_slave_0: left promiscuous mode
[  858.001465][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  858.546502][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  858.590050][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  858.628076][   T12] bond0 (unregistering): Released all slaves
[  859.081482][   T12] hsr_slave_0: left promiscuous mode
[  859.116744][   T12] hsr_slave_1: left promiscuous mode
[  859.125667][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  859.136266][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  859.182555][T13732] loop9: detected capacity change from 0 to 256
[  859.215588][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  859.226214][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  859.248601][T13732] exfat: Deprecated parameter 'utf8'
[  859.257806][T13732] exfat: Deprecated parameter 'namecase'
[  859.317379][   T12] veth1_macvtap: left promiscuous mode
[  859.326129][   T12] veth0_macvtap: left promiscuous mode
[  859.332500][   T12] veth1_vlan: left promiscuous mode
[  859.338173][   T12] veth0_vlan: left promiscuous mode
[  859.415205][T11653] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  859.430388][T13732] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d)
[  859.577351][ T5826] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  859.588633][T11653] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  859.603267][T11653] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  859.614345][T11653] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  859.628153][T11653] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  859.640093][T11653] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  859.875456][T11653] usb 3-1: config 0 descriptor??
[  860.078700][ T5817] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  860.091840][ T5817] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  860.112085][ T5817] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  860.127693][ T5817] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  860.145014][ T5817] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  860.507078][T11653] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  860.519464][T11653] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  860.529211][T11653] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  860.539386][T11653] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  860.551551][T11653] plantronics 0003:047F:FFFF.0022: unknown main item tag 0x0
[  860.623175][T11653] plantronics 0003:047F:FFFF.0022: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  860.650071][   T12] team0 (unregistering): Port device team_slave_1 removed
[  860.701590][T11653] usb 3-1: USB disconnect, device number 10
[  860.726913][   T12] team0 (unregistering): Port device team_slave_0 removed
[  861.851369][T13756] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3328'.
[  861.860913][T13756] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3328'.
[  862.044400][T13737] chnl_net:caif_netlink_parms(): no params data found
[  862.073184][T13760] comedi comedi3: 8255: I/O port conflict (0x5,4)
[  862.079998][T13760] comedi comedi3: 8255: I/O port conflict (0x2,4)
[  862.242787][ T5817] Bluetooth: hci1: command tx timeout
[  863.268743][T13737] bridge0: port 1(bridge_slave_0) entered blocking state
[  863.276651][T13737] bridge0: port 1(bridge_slave_0) entered disabled state
[  863.288537][T13737] bridge_slave_0: entered allmulticast mode
[  863.298049][T13737] bridge_slave_0: entered promiscuous mode
[  863.320953][T13737] bridge0: port 2(bridge_slave_1) entered blocking state
[  863.329492][T13737] bridge0: port 2(bridge_slave_1) entered disabled state
[  863.337689][T13737] bridge_slave_1: entered allmulticast mode
[  863.349512][T13737] bridge_slave_1: entered promiscuous mode
[  863.592560][T13737] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  863.620766][T13737] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  863.811524][T13737] team0: Port device team_slave_0 added
[  863.871606][T13737] team0: Port device team_slave_1 added
[  864.125644][T13737] batman_adv: batadv0: Adding interface: batadv_slave_0
[  864.133182][T13737] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  864.162433][T13737] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  864.272467][T13786] loop9: detected capacity change from 0 to 8192
[  864.305891][ T5817] Bluetooth: hci1: command tx timeout
[  864.341507][T13737] batman_adv: batadv0: Adding interface: batadv_slave_1
[  864.349040][T13737] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  864.383056][T13737] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  864.387313][   T30] audit: type=1800 audit(1753297769.205:105): pid=13786 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.3340" name="file2" dev="loop9" ino=1048729 res=0 errno=0
[  864.415027][    C0] vkms_vblank_simulate: vblank timer overrun
[  864.677242][T13737] hsr_slave_0: entered promiscuous mode
[  864.687300][T13737] hsr_slave_1: entered promiscuous mode
[  864.698449][T13737] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  864.708868][T13737] Cannot create hsr debugfs directory
[  864.761775][T13795] loop1: detected capacity change from 0 to 1024
[  864.780645][T13799] loop4: detected capacity change from 0 to 512
[  864.816914][T13795] EXT4-fs: Ignoring removed orlov option
[  864.825618][T13795] EXT4-fs: Ignoring removed nomblk_io_submit option
[  864.835934][T13799] EXT4-fs: Ignoring removed nobh option
[  864.957546][T13799] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  864.984034][T13799] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.3347: invalid indirect mapped block 256 (level 1)
[  865.046187][T13799] EXT4-fs error (device loop4): ext4_free_branches:1023: inode #13: comm syz.4.3347: invalid indirect mapped block 2683928664 (level 1)
[  865.061632][T13795] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  865.089020][T13799] EXT4-fs (loop4): 1 truncate cleaned up
[  865.121258][T13799] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  865.215241][T13801] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm ext4lazyinit: Invalid block bitmap block 3 in block_group 0
[  865.265292][T13801] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm ext4lazyinit: Invalid block bitmap block 3 in block_group 0
[  865.628057][ T5809] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  865.629303][   T30] audit: type=1800 audit(1753297770.485:106): pid=13799 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3347" name="file0" dev="loop4" ino=13 res=0 errno=0
[  865.879081][ T5815] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  866.189046][T13811] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3350'.
[  866.198640][T13811] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3350'.
[  866.267391][T13737] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  866.293039][T13737] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  866.372972][ T5817] Bluetooth: hci1: command tx timeout
[  866.379466][T13737] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  866.426047][T13737] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  866.494443][T13816] loop4: detected capacity change from 0 to 256
[  867.135924][T13824] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3358'.
[  867.210369][T13737] 8021q: adding VLAN 0 to HW filter on device bond0
[  867.331374][T13737] 8021q: adding VLAN 0 to HW filter on device team0
[  867.456506][ T1100] bridge0: port 1(bridge_slave_0) entered blocking state
[  867.464264][ T1100] bridge0: port 1(bridge_slave_0) entered forwarding state
[  867.579343][ T1100] bridge0: port 2(bridge_slave_1) entered blocking state
[  867.586990][ T1100] bridge0: port 2(bridge_slave_1) entered forwarding state
[  868.455015][ T5817] Bluetooth: hci1: command tx timeout
[  868.488034][T13833] loop1: detected capacity change from 0 to 4096
[  868.703632][T13848] blktrace: Concurrent blktraces are not allowed on nbd2
[  868.770544][T13844] loop9: detected capacity change from 0 to 2048
[  868.850692][T13833] ntfs3(loop1): ino=1a, mi_enum_attr
[  868.857806][T13833] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  868.907776][T13850] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  869.100392][T13852] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3367'.
[  869.295959][T13850] NILFS (loop9): vblocknr = 18 has abnormal lifetime: start cno (= 504403158265495554) > current cno (= 3)
[  869.310442][T13850] NILFS error (device loop9): nilfs_bmap_propagate: broken bmap (inode number=2)
[  869.367009][T13737] 8021q: adding VLAN 0 to HW filter on device batadv0
[  869.378455][T13850] Remounting filesystem read-only
[  869.392044][T12495] NILFS (loop9): disposed unprocessed dirty file(s) when stopping log writer
[  871.082443][    T9] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  871.272097][    T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  871.282818][    T9] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  871.300691][    T9] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 121
[  871.412364][    T9] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  871.421744][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  871.436154][    T9] usb 3-1: Product: syz
[  871.440678][    T9] usb 3-1: Manufacturer: syz
[  871.445701][    T9] usb 3-1: SerialNumber: syz
[  871.484263][    T9] usb 3-1: config 0 descriptor??
[  871.491848][T13881] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  871.507063][T13881] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  871.539821][    T9] usb 3-1: ucan: probing device on interface #0
[  871.685819][T13737] veth0_vlan: entered promiscuous mode
[  871.786675][T13737] veth1_vlan: entered promiscuous mode
[  872.077990][T13737] veth0_macvtap: entered promiscuous mode
[  872.152516][T13737] veth1_macvtap: entered promiscuous mode
[  872.209182][    T9] ucan 3-1:0.0: probe with driver ucan failed with error -71
[  872.231285][    T9] usb 3-1: USB disconnect, device number 11
[  872.290091][T13737] batman_adv: batadv0: Interface activated: batadv_slave_0
[  872.333781][T13737] batman_adv: batadv0: Interface activated: batadv_slave_1
[  872.406713][T13737] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  872.418610][T13737] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  872.427952][T13737] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  872.437175][T13737] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  876.052107][T13965] loop9: detected capacity change from 0 to 256
[  876.135674][T13967] netlink: 32 bytes leftover after parsing attributes in process `syz.4.3409'.
[  876.745194][T13975] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3411'.
[  877.286094][ T5088] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  877.295946][ T5088] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  877.526561][ T5088] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  877.537480][ T5088] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  878.100620][T13997] loop1: detected capacity change from 0 to 512
[  878.157918][T13999] netlink: 'syz.5.3316': attribute type 4 has an invalid length.
[  878.166519][T13999] netlink: 17 bytes leftover after parsing attributes in process `syz.5.3316'.
[  878.283661][T13997] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2
[  878.292542][T13997] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  878.399068][T13997] EXT4-fs (loop1): 1 truncate cleaned up
[  878.407410][T13997] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  878.539557][T13995] loop4: detected capacity change from 0 to 8192
[  878.603658][T13997] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000.
[  878.642580][   T30] audit: type=1800 audit(1753297783.505:107): pid=13995 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3419" name="file2" dev="loop4" ino=1048736 res=0 errno=0
[  878.663916][    C0] vkms_vblank_simulate: vblank timer overrun
[  878.795413][ T5809] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  880.131316][   T30] audit: type=1326 audit(1753297784.985:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14030 comm="syz.5.3435" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56539 code=0x7ffc0000
[  880.157248][   T30] audit: type=1326 audit(1753297784.985:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14030 comm="syz.5.3435" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56539 code=0x7ffc0000
[  880.179594][    C0] vkms_vblank_simulate: vblank timer overrun
[  880.235111][   T30] audit: type=1326 audit(1753297785.075:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14030 comm="syz.5.3435" exe="/root/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf7f56539 code=0x7ffc0000
[  880.263616][   T30] audit: type=1326 audit(1753297785.075:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14030 comm="syz.5.3435" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56539 code=0x7ffc0000
[  880.287232][   T30] audit: type=1326 audit(1753297785.075:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14030 comm="syz.5.3435" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56539 code=0x7ffc0000
[  880.312015][    C0] vkms_vblank_simulate: vblank timer overrun
[  880.321004][   T30] audit: type=1326 audit(1753297785.075:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14030 comm="syz.5.3435" exe="/root/syz-executor" sig=0 arch=40000003 syscall=236 compat=1 ip=0xf7f56539 code=0x7ffc0000
[  880.346225][   T30] audit: type=1326 audit(1753297785.075:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14030 comm="syz.5.3435" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56539 code=0x7ffc0000
[  880.371471][   T30] audit: type=1326 audit(1753297785.075:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14030 comm="syz.5.3435" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f56539 code=0x7ffc0000
[  880.859739][T14045] gretap0: entered promiscuous mode
[  880.867930][T14045] macsec1: entered promiscuous mode
[  880.901986][T14045] gretap0: left promiscuous mode
[  881.079302][T14049] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3445'.
[  882.005928][T14065] sctp: [Deprecated]: syz.2.3453 (pid 14065) Use of int in maxseg socket option.
[  882.005928][T14065] Use struct sctp_assoc_value instead
[  883.229200][T14091] loop2: detected capacity change from 0 to 512
[  883.352590][T14091] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  883.365945][T14091] ext4 filesystem being mounted at /108/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  883.687687][T12714] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  883.784780][T14102] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3470'.
[  883.794763][T14102] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3470'.
[  886.031269][   T30] audit: type=1326 audit(1753297790.895:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14142 comm="syz.9.3489" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1539 code=0x7ffc0000
[  886.057903][   T30] audit: type=1326 audit(1753297790.895:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14142 comm="syz.9.3489" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1539 code=0x7ffc0000
[  886.080435][    C0] vkms_vblank_simulate: vblank timer overrun
[  886.281344][   T30] audit: type=1326 audit(1753297790.985:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14142 comm="syz.9.3489" exe="/root/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf7fc1539 code=0x7ffc0000
[  886.309447][   T30] audit: type=1326 audit(1753297790.985:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14142 comm="syz.9.3489" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1539 code=0x7ffc0000
[  886.331625][    C0] vkms_vblank_simulate: vblank timer overrun
[  886.339297][   T30] audit: type=1326 audit(1753297790.985:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14142 comm="syz.9.3489" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1539 code=0x7ffc0000
[  886.361843][    C0] vkms_vblank_simulate: vblank timer overrun
[  886.370987][   T30] audit: type=1326 audit(1753297790.995:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14142 comm="syz.9.3489" exe="/root/syz-executor" sig=0 arch=40000003 syscall=236 compat=1 ip=0xf7fc1539 code=0x7ffc0000
[  886.396104][   T30] audit: type=1326 audit(1753297790.995:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14142 comm="syz.9.3489" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1539 code=0x7ffc0000
[  886.464678][T14149] loop2: detected capacity change from 0 to 512
[  886.562938][T14149] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  886.571440][T14149] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  886.697490][T14149] EXT4-fs (loop2): 1 truncate cleaned up
[  886.708328][T14149] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  886.909010][T14149] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000.
[  887.093579][ T5826] Bluetooth: hci5: command 0x0406 tx timeout
[  887.194835][T12714] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  887.526112][T14168] sctp: [Deprecated]: syz.9.3498 (pid 14168) Use of int in maxseg socket option.
[  887.526112][T14168] Use struct sctp_assoc_value instead
[  887.778170][T14173] loop5: detected capacity change from 0 to 2048
[  887.892817][T14173] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  887.958460][T14175] loop1: detected capacity change from 0 to 512
[  888.044506][   T30] audit: type=1326 audit(1753297792.915:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14180 comm="syz.2.3504" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[  888.070083][   T30] audit: type=1326 audit(1753297792.915:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14180 comm="syz.2.3504" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000
[  888.095188][   T30] audit: type=1326 audit(1753297792.925:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14180 comm="syz.2.3504" exe="/root/syz-executor" sig=0 arch=40000003 syscall=8 compat=1 ip=0xf70fe539 code=0x7ffc0000
[  888.287178][T14175] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  888.300395][T14175] ext4 filesystem being mounted at /742/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  888.549592][ T5809] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  888.822834][T14193] sp0: Synchronizing with TNC
[  889.006037][T14191] loop5: detected capacity change from 0 to 4096
[  889.072631][T14198] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  889.150023][T14201] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3513'.
[  889.856754][T14213] netlink: 232 bytes leftover after parsing attributes in process `syz.1.3520'.
[  890.228072][T14219] loop4: detected capacity change from 0 to 256
[  890.254503][T14219] exfat: Deprecated parameter 'utf8'
[  890.260376][T14219] exfat: Deprecated parameter 'utf8'
[  890.268907][T14219] exfat: Deprecated parameter 'utf8'
[  890.275164][T14219] exfat: Bad value for 'gid'
[  890.280036][T14219] exfat: Bad value for 'gid'
[  893.237935][T14265] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3544'.
[  894.012133][T14274] loop2: detected capacity change from 0 to 512
[  894.121178][T14274] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  894.137288][T14274] ext4 filesystem being mounted at /126/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  894.309149][T14273] loop1: detected capacity change from 0 to 4096
[  894.452668][T14283] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  894.618839][T12714] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  895.295811][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  896.216644][T14306] loop9: detected capacity change from 0 to 512
[  896.309335][T14306] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  896.325213][T14306] ext4 filesystem being mounted at /158/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  896.678446][T14316] sp0: Synchronizing with TNC
[  896.727748][T12495] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  897.316013][T14325] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3572'.
[  897.971087][T14334] loop1: detected capacity change from 0 to 256
[  898.047386][T14334] exfat: Deprecated parameter 'utf8'
[  898.053906][T14334] exfat: Deprecated parameter 'utf8'
[  898.059644][T14334] exfat: Deprecated parameter 'utf8'
[  898.065877][T14334] exfat: Bad value for 'gid'
[  898.070695][T14334] exfat: Bad value for 'gid'
[  898.140207][T14338] netlink: 232 bytes leftover after parsing attributes in process `syz.2.3579'.
[  898.150036][T14338] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3579'.
[  898.210275][T14333] loop4: detected capacity change from 0 to 4096
[  898.298925][T14339] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  898.831308][T14345] netlink: 'syz.2.3583': attribute type 3 has an invalid length.
[  899.258606][   T30] kauditd_printk_skb: 3 callbacks suppressed
[  899.258674][   T30] audit: type=1326 audit(1753297804.125:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14350 comm="syz.1.3586" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f56539 code=0x0
[  899.471711][T14356] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3587'.
[  900.028434][T14362] veth1_macvtap: left promiscuous mode
[  900.034827][T14362] macsec0: entered promiscuous mode
[  900.099954][T14362] veth1_macvtap: entered promiscuous mode
[  900.107534][T14362] macsec0: left promiscuous mode
[  900.651480][T14369] netlink: 232 bytes leftover after parsing attributes in process `syz.4.3593'.
[  900.689417][T14366] loop1: detected capacity change from 0 to 1024
[  901.266958][T14372] loop9: detected capacity change from 0 to 2048
[  901.334521][T14372] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  901.513435][ T3634] hfsplus: b-tree write err: -5, ino 4
[  901.749437][T14378] support for the xor transformation has been removed.
[  901.791742][T14380] loop1: detected capacity change from 0 to 256
[  902.002578][T14382] loop2: detected capacity change from 0 to 256
[  902.094844][T14384] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (28928)
[  902.105086][T14384] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023
[  902.219790][T14382] FAT-fs (loop2): Directory bread(block 64) failed
[  902.226826][T14382] FAT-fs (loop2): Directory bread(block 65) failed
[  902.234038][T14382] FAT-fs (loop2): Directory bread(block 66) failed
[  902.240846][T14382] FAT-fs (loop2): Directory bread(block 67) failed
[  902.248253][T14382] FAT-fs (loop2): Directory bread(block 68) failed
[  902.255286][T14382] FAT-fs (loop2): Directory bread(block 69) failed
[  902.262457][T14382] FAT-fs (loop2): Directory bread(block 70) failed
[  902.269245][T14382] FAT-fs (loop2): Directory bread(block 71) failed
[  902.278171][T14382] FAT-fs (loop2): Directory bread(block 72) failed
[  902.285786][T14382] FAT-fs (loop2): Directory bread(block 73) failed
[  902.626690][T14386] loop4: detected capacity change from 0 to 4096
[  902.720671][T14391] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  904.267085][T14409] loop9: detected capacity change from 0 to 512
[  904.299819][T14409] EXT4-fs: Ignoring removed nobh option
[  904.363803][T14408] loop1: detected capacity change from 0 to 2048
[  904.421522][T14409] EXT4-fs (loop9): Cannot turn on journaled quota: type 0: error -2
[  904.474237][T14408] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  904.489837][T14409] EXT4-fs error (device loop9): ext4_free_branches:1023: inode #13: comm syz.9.3621: invalid indirect mapped block 256 (level 1)
[  904.550271][T14409] EXT4-fs error (device loop9): ext4_free_branches:1023: inode #13: comm syz.9.3621: invalid indirect mapped block 2683928664 (level 1)
[  904.636339][T14409] EXT4-fs (loop9): 1 truncate cleaned up
[  904.644589][T14409] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  904.676464][T14415] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3614'.
[  904.695517][T14413] EXT4-fs error (device loop9): ext4_read_block_bitmap_nowait:483: comm ext4lazyinit: Invalid block bitmap block 3 in block_group 0
[  904.735479][T14413] EXT4-fs error (device loop9): ext4_read_block_bitmap_nowait:483: comm ext4lazyinit: Invalid block bitmap block 3 in block_group 0
[  905.072645][   T30] audit: type=1800 audit(1753297809.925:130): pid=14409 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.3621" name="file0" dev="loop9" ino=13 res=0 errno=0
[  905.294055][T12495] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  905.840455][T14428] loop4: detected capacity change from 0 to 512
[  905.934709][T14430] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3622'.
[  906.055217][T14428] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  906.070386][T14428] ext4 filesystem being mounted at /794/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  906.399184][T14437] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3624'.
[  906.563474][ T5815] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  906.708247][T14441] veth1_macvtap: left promiscuous mode
[  906.715597][T14441] macsec0: entered promiscuous mode
[  906.794704][T14441] veth1_macvtap: entered promiscuous mode
[  906.801741][T14441] macsec0: left promiscuous mode
[  906.834890][T11678] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  906.851944][T11678] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  906.872589][T11678] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  906.892766][T11678] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  906.910318][T11678] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  907.575864][T11678] Bluetooth: hci2: command 0x0406 tx timeout
[  908.023507][T14442] chnl_net:caif_netlink_parms(): no params data found
[  908.169603][T14461] loop2: detected capacity change from 0 to 64
[  908.397069][T14466] (unnamed net_device) (uninitialized): option ad_user_port_key: invalid value (28928)
[  908.407572][T14466] (unnamed net_device) (uninitialized): option ad_user_port_key: allowed values 0 - 1023
[  908.408239][T14463] netlink: 'syz.1.3635': attribute type 3 has an invalid length.
[  908.585392][T14468] loop9: detected capacity change from 0 to 512
[  908.718596][T14468] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  908.733605][T14468] ext4 filesystem being mounted at /176/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  908.928924][ T3634] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  909.012993][ T5817] Bluetooth: hci4: command tx timeout
[  909.084555][T12495] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  909.145514][ T3634] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  909.327047][ T3634] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  909.565147][ T3634] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  909.611972][T14442] bridge0: port 1(bridge_slave_0) entered blocking state
[  909.619764][T14442] bridge0: port 1(bridge_slave_0) entered disabled state
[  909.628130][T14442] bridge_slave_0: entered allmulticast mode
[  909.637368][T14442] bridge_slave_0: entered promiscuous mode
[  909.759406][T14442] bridge0: port 2(bridge_slave_1) entered blocking state
[  909.767431][T14442] bridge0: port 2(bridge_slave_1) entered disabled state
[  909.775360][T14442] bridge_slave_1: entered allmulticast mode
[  909.784826][T14442] bridge_slave_1: entered promiscuous mode
[  909.977767][ T3634] bridge_slave_1: left allmulticast mode
[  909.983980][ T3634] bridge_slave_1: left promiscuous mode
[  909.990789][ T3634] bridge0: port 2(bridge_slave_1) entered disabled state
[  910.031427][ T3634] bridge_slave_0: left allmulticast mode
[  910.039328][ T3634] bridge_slave_0: left promiscuous mode
[  910.046031][ T3634] bridge0: port 1(bridge_slave_0) entered disabled state
[  910.654134][ T3634] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  910.688177][ T3634] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  910.771643][ T3634] bond0 (unregistering): Released all slaves
[  911.021151][T14442] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  911.093364][ T5817] Bluetooth: hci4: command tx timeout
[  911.128463][T14442] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  911.335071][T14507] loop9: detected capacity change from 0 to 256
[  911.342039][T12499] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  911.342746][T14442] team0: Port device team_slave_0 added
[  911.504641][T14442] team0: Port device team_slave_1 added
[  911.505599][T12499] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  911.523910][T12499] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  911.533776][T12499] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  911.561602][T12499] usb 5-1: config 0 descriptor??
[  911.647745][T14507] FAT-fs (loop9): Directory bread(block 64) failed
[  911.654724][T14507] FAT-fs (loop9): Directory bread(block 65) failed
[  911.661746][T14507] FAT-fs (loop9): Directory bread(block 66) failed
[  911.668877][T14507] FAT-fs (loop9): Directory bread(block 67) failed
[  911.678472][T14507] FAT-fs (loop9): Directory bread(block 68) failed
[  911.685537][T14507] FAT-fs (loop9): Directory bread(block 69) failed
[  911.692593][T14507] FAT-fs (loop9): Directory bread(block 70) failed
[  911.701324][T14507] FAT-fs (loop9): Directory bread(block 71) failed
[  911.711704][T14507] FAT-fs (loop9): Directory bread(block 72) failed
[  911.718799][T14507] FAT-fs (loop9): Directory bread(block 73) failed
[  911.826059][T14442] batman_adv: batadv0: Adding interface: batadv_slave_0
[  911.835831][T14442] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  911.862258][    C0] vkms_vblank_simulate: vblank timer overrun
[  911.871635][T14442] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  911.936155][ T3634] hsr_slave_0: left promiscuous mode
[  911.987553][T12499] ath6kl: Failed to read usb control message: -71
[  911.989046][ T3634] hsr_slave_1: left promiscuous mode
[  911.994679][T12499] ath6kl: Unable to read the bmi data from the device: -71
[  912.005234][ T3634] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  912.010340][T12499] ath6kl: Unable to recv target info: -71
[  912.015272][ T3634] batman_adv: batadv0: Removing interface: batadv_slave_0
[  912.075222][T12499] ath6kl: Failed to init ath6kl core: -71
[  912.083301][T12499] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71
[  912.105887][ T3634] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  912.115791][ T3634] batman_adv: batadv0: Removing interface: batadv_slave_1
[  912.149676][T12499] usb 5-1: USB disconnect, device number 13
[  912.229229][ T3634] veth1_macvtap: left promiscuous mode
[  912.236908][ T3634] veth0_macvtap: left promiscuous mode
[  912.243349][ T3634] veth1_vlan: left promiscuous mode
[  912.248930][ T3634] veth0_vlan: left promiscuous mode
[  912.489891][T14516] support for the xor transformation has been removed.
[  913.047500][ T3634] team0 (unregistering): Port device team_slave_1 removed
[  913.099467][ T3634] team0 (unregistering): Port device team_slave_0 removed
[  913.172785][ T5817] Bluetooth: hci4: command tx timeout
[  913.388058][T14442] batman_adv: batadv0: Adding interface: batadv_slave_1
[  913.398049][T14442] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  913.428758][T14442] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  913.897805][T14442] hsr_slave_0: entered promiscuous mode
[  913.916837][T14442] hsr_slave_1: entered promiscuous mode
[  913.928125][T14442] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  913.936067][T14442] Cannot create hsr debugfs directory
[  914.222497][T14534] loop2: detected capacity change from 0 to 128
[  914.314537][T14534] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  914.412868][T14534] ext4 filesystem being mounted at /157/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  914.620428][T14542] loop1: detected capacity change from 0 to 512
[  914.742584][T14542] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  915.042076][T12714] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  915.215998][ T5809] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  915.253108][ T5817] Bluetooth: hci4: command tx timeout
[  915.289581][T14442] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  915.319203][T14442] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  915.373699][T14442] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  915.418693][T14442] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  916.478162][T14442] 8021q: adding VLAN 0 to HW filter on device bond0
[  916.607214][T14442] 8021q: adding VLAN 0 to HW filter on device team0
[  916.691231][ T3660] bridge0: port 1(bridge_slave_0) entered blocking state
[  916.698979][ T3660] bridge0: port 1(bridge_slave_0) entered forwarding state
[  916.737212][T14570] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3678'.
[  916.828748][ T3660] bridge0: port 2(bridge_slave_1) entered blocking state
[  916.836478][ T3660] bridge0: port 2(bridge_slave_1) entered forwarding state
[  917.217448][T14575] netlink: 'syz.2.3681': attribute type 2 has an invalid length.
[  917.266340][T14577] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3692'.
[  917.357429][T14579] netlink: 16 bytes leftover after parsing attributes in process `syz.9.3682'.
[  918.408978][T14442] 8021q: adding VLAN 0 to HW filter on device batadv0
[  918.802300][T14442] veth0_vlan: entered promiscuous mode
[  918.825476][T14600] loop1: detected capacity change from 0 to 2048
[  918.911651][T14442] veth1_vlan: entered promiscuous mode
[  918.992983][T14600] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  919.180705][T14442] veth0_macvtap: entered promiscuous mode
[  919.246048][T14442] veth1_macvtap: entered promiscuous mode
[  919.379231][T14442] batman_adv: batadv0: Interface activated: batadv_slave_0
[  919.400604][ T5809] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  919.463071][T14442] batman_adv: batadv0: Interface activated: batadv_slave_1
[  919.509378][T14442] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  919.519307][T14442] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  919.528687][T14442] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  919.540319][T14442] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  919.543542][T14612] loop2: detected capacity change from 0 to 512
[  919.642873][T14612] EXT4-fs (loop2): orphan cleanup on readonly fs
[  919.664541][T14615] loop9: detected capacity change from 0 to 256
[  919.676390][T14615] exfat: Deprecated parameter 'namecase'
[  919.683394][T14612] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  919.721350][T14612] EXT4-fs error (device loop2): ext4_free_branches:1023: inode #13: comm syz.2.3697: invalid indirect mapped block 2683928664 (level 1)
[  919.793160][T14612] EXT4-fs (loop2): Remounting filesystem read-only
[  919.815722][T14612] EXT4-fs (loop2): 1 truncate cleaned up
[  919.824910][T14612] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  919.901182][T14615] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0x25fbf2c1, utbl_chksum : 0xe619d30d)
[  920.099540][ T5817] Bluetooth: hci3: unexpected event for opcode 0x0809
[  920.215180][T12714] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  920.515507][T14624] IPVS: Error connecting to the multicast addr
[  920.559000][T14629] loop4: detected capacity change from 0 to 128
[  920.625987][T14629] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  920.654433][T14629] ext4 filesystem being mounted at /814/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  920.947407][ T5815] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  921.368496][T14643] loop9: detected capacity change from 0 to 64
[  921.900638][T12499] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  922.099036][T12499] usb 2-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  922.111799][T12499] usb 2-1: config 0 interface 0 has no altsetting 0
[  922.119139][T12499] usb 2-1: New USB device found, idVendor=054c, idProduct=0002, bcdDevice= 0.00
[  922.128849][T12499] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  922.197002][T12499] usb 2-1: config 0 descriptor??
[  922.701008][T12499] sony 0003:054C:0002.0023: unknown main item tag 0x0
[  922.757799][T12499] sony 0003:054C:0002.0023: hidraw0: USB HID v0.05 Device [HID 054c:0002] on usb-dummy_hcd.1-1/input0
[  922.771580][T12499] sony 0003:054C:0002.0023: failed to claim input
[  922.944674][T12499] usb 2-1: USB disconnect, device number 17
[  923.413610][T14679] loop2: detected capacity change from 0 to 256
[  923.542059][ T3634] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  923.553445][ T3634] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  923.619764][T14679] FAT-fs (loop2): Directory bread(block 64) failed
[  923.626750][T14679] FAT-fs (loop2): Directory bread(block 65) failed
[  923.636794][T14679] FAT-fs (loop2): Directory bread(block 66) failed
[  923.642642][T11653] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  923.643666][T14679] FAT-fs (loop2): Directory bread(block 67) failed
[  923.658156][T14679] FAT-fs (loop2): Directory bread(block 68) failed
[  923.667635][T14679] FAT-fs (loop2): Directory bread(block 69) failed
[  923.674928][T14679] FAT-fs (loop2): Directory bread(block 70) failed
[  923.685401][T14679] FAT-fs (loop2): Directory bread(block 71) failed
[  923.694930][T14679] FAT-fs (loop2): Directory bread(block 72) failed
[  923.701734][T14679] FAT-fs (loop2): Directory bread(block 73) failed
[  923.767763][   T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  923.776097][   T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  923.813165][T11653] usb 5-1: Using ep0 maxpacket: 8
[  923.847865][T11653] usb 5-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  923.859712][T11653] usb 5-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  923.869934][T11653] usb 5-1: config 0 interface 0 has no altsetting 0
[  923.877008][T11653] usb 5-1: New USB device found, idVendor=046d, idProduct=c22e, bcdDevice= 0.00
[  923.888200][T11653] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  924.000215][T11653] usb 5-1: config 0 descriptor??
[  924.451400][T11653] lg-g15 0003:046D:C22E.0024: item fetching failed at offset 3/5
[  924.517022][T11653] lg-g15 0003:046D:C22E.0024: probe with driver lg-g15 failed with error -22
[  924.656952][T12499] usb 5-1: USB disconnect, device number 14
[  925.031459][T14692] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3725'.
[  925.481399][T14694] loop3: detected capacity change from 0 to 2048
[  925.598535][T14702] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  925.780952][T14705] loop1: detected capacity change from 0 to 128
[  925.934271][T14705] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  925.984412][T14705] ext4 filesystem being mounted at /794/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  926.057849][T14711] loop2: detected capacity change from 0 to 128
[  926.171758][T14711] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  926.206220][T14711] ext4 filesystem being mounted at /174/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  926.566019][T14720] MPI: mpi too large (30216 bits)
[  926.599025][T12714] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  926.739877][ T5809] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  927.051099][T14726] openvswitch: netlink: Actions may not be safe on all matching packets
[  927.543855][T14734] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3743'.
[  927.974826][T14744] loop1: detected capacity change from 0 to 128
[  928.017596][ T5817] Bluetooth: hci2: unexpected event for opcode 0x0809
[  928.038931][T14744] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  928.115995][T14744] ext4 filesystem being mounted at /797/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  928.270138][T14753] loop4: detected capacity change from 0 to 2048
[  928.379210][T14753] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  928.457572][ T5809] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  928.648195][ T5815] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  929.173698][T14770] loop9: detected capacity change from 0 to 512
[  929.246810][T14770] EXT4-fs (loop9): orphan cleanup on readonly fs
[  929.306613][T14770] EXT4-fs (loop9): Cannot turn on journaled quota: type 0: error -2
[  929.320222][T14770] EXT4-fs error (device loop9): ext4_free_branches:1023: inode #13: comm syz.9.3759: invalid indirect mapped block 2683928664 (level 1)
[  929.337533][T14770] EXT4-fs (loop9): Remounting filesystem read-only
[  929.359881][T14770] EXT4-fs (loop9): 1 truncate cleaned up
[  929.368119][T14770] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  929.503790][T12495] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  929.755044][T12499] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  929.912918][T12499] usb 5-1: Using ep0 maxpacket: 16
[  929.967836][T12499] usb 5-1: config 0 has an invalid interface number: 69 but max is 0
[  929.976694][T12499] usb 5-1: config 0 has no interface number 0
[  930.046975][T12499] usb 5-1: New USB device found, idVendor=05ac, idProduct=0274, bcdDevice=f9.c2
[  930.057159][T12499] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  930.068291][T12499] usb 5-1: Product: syz
[  930.073053][T12499] usb 5-1: Manufacturer: syz
[  930.078032][T12499] usb 5-1: SerialNumber: syz
[  930.108295][T14785] loop9: detected capacity change from 0 to 128
[  930.173053][T12499] usb 5-1: config 0 descriptor??
[  930.193631][T14785] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  930.204419][T12499] input: bcm5974 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.69/input/input13
[  930.248924][T14785] ext4 filesystem being mounted at /208/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  930.393853][T12499] usb 5-1: USB disconnect, device number 15
[  930.515675][T14795] IPVS: Error connecting to the multicast addr
[  930.567966][T12495] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  930.839023][T14799] program syz.1.3771 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  930.913141][T14798] ptrace attach of "./syz-executor exec"[14802] was attempted by "./syz-executor exec"[14798]
[  931.755744][T12499] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  931.964554][T12499] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  931.979914][T12499] usb 3-1: config 0 interface 0 has no altsetting 0
[  931.988419][T12499] usb 3-1: New USB device found, idVendor=054c, idProduct=0002, bcdDevice= 0.00
[  931.998227][T12499] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  932.028199][T12499] usb 3-1: config 0 descriptor??
[  932.183461][T11653] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  932.362565][T11653] usb 2-1: Using ep0 maxpacket: 8
[  932.420134][T11653] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  932.429073][T11653] usb 2-1: config 179 has no interface number 0
[  932.435912][T11653] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  932.447749][T11653] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  932.459743][T11653] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[  932.471892][T11653] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[  932.485471][T11653] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  932.500012][T11653] usb 2-1: config 179 interface 65 has no altsetting 0
[  932.507484][T11653] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  932.516982][T11653] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  932.540414][T12499] sony 0003:054C:0002.0025: unknown main item tag 0x0
[  932.596268][T12499] sony 0003:054C:0002.0025: hidraw0: USB HID v0.05 Device [HID 054c:0002] on usb-dummy_hcd.2-1/input0
[  932.608217][T12499] sony 0003:054C:0002.0025: failed to claim input
[  932.764797][T11653] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input14
[  932.777498][T12499] usb 3-1: USB disconnect, device number 12
[  932.876465][T14832] loop4: detected capacity change from 0 to 512
[  932.923677][T14832] EXT4-fs error (device loop4): ext4_orphan_get:1419: comm syz.4.3787: bad orphan inode 11
[  932.938764][T14832] ext4_test_bit(bit=10, block=4) = 1
[  932.942587][T10634] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  932.944445][T14832] is_bad_inode(inode)=0
[  932.956787][T14832] NEXT_ORPHAN(inode)=2080374784
[  932.961894][T14832] max_ino=32
[  932.967902][T14832] i_nlink=0
[  932.971507][T14832] EXT4-fs (loop4): 1 truncate cleaned up
[  932.979625][T14832] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  933.111794][T14832] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.3787: bg 0: block 393: padding at end of block bitmap is not set
[  933.113530][T10634] usb 10-1: Using ep0 maxpacket: 16
[  933.170165][T10634] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  933.183255][T10634] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  933.194036][T10634] usb 10-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00
[  933.205157][T10634] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  933.236647][T10634] usb 10-1: config 0 descriptor??
[  933.240512][T12499] usb 2-1: USB disconnect, device number 18
[  933.242611][    C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  933.316841][ T5815] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  933.648708][T14840] MPI: mpi too large (30216 bits)
[  933.733144][T10634] redragon 0003:0C45:760B.0026: unknown main item tag 0x0
[  933.740998][T10634] redragon 0003:0C45:760B.0026: unknown main item tag 0x0
[  933.748701][T10634] redragon 0003:0C45:760B.0026: unknown main item tag 0x0
[  933.756893][T10634] redragon 0003:0C45:760B.0026: unknown main item tag 0x0
[  933.764687][T10634] redragon 0003:0C45:760B.0026: unknown main item tag 0x0
[  933.837167][T10634] redragon 0003:0C45:760B.0026: hidraw0: USB HID vf8.3f Device [HID 0c45:760b] on usb-dummy_hcd.9-1/input0
[  933.939183][T12499] usb 10-1: USB disconnect, device number 3
[  934.890990][T14861] loop9: detected capacity change from 0 to 512
[  935.018704][T14861] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  935.252098][T14869] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3801'.
[  935.265307][T12495] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  935.380769][T14870] loop4: detected capacity change from 0 to 2048
[  935.394547][T12499] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  935.419982][T14872] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  935.593043][T12499] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  935.606063][T12499] usb 4-1: config 0 interface 0 has no altsetting 0
[  935.613293][T12499] usb 4-1: New USB device found, idVendor=054c, idProduct=0002, bcdDevice= 0.00
[  935.622826][T12499] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  935.749061][T12499] usb 4-1: config 0 descriptor??
[  936.228340][T12499] sony 0003:054C:0002.0027: unknown main item tag 0x0
[  936.289092][T12499] sony 0003:054C:0002.0027: hidraw0: USB HID v0.05 Device [HID 054c:0002] on usb-dummy_hcd.3-1/input0
[  936.304379][T12499] sony 0003:054C:0002.0027: failed to claim input
[  936.489242][T12499] usb 4-1: USB disconnect, device number 6
[  936.860161][T14886] ptrace attach of "./syz-executor exec"[14887] was attempted by "./syz-executor exec"[14886]
[  936.971997][T14892] IPVS: Error connecting to the multicast addr
[  937.715896][T12499] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  937.848688][T14907] loop1: detected capacity change from 0 to 2048
[  937.944047][T12499] usb 10-1: Using ep0 maxpacket: 8
[  937.945513][T14909] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  937.974366][T12499] usb 10-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  937.985935][T12499] usb 10-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  937.998772][T12499] usb 10-1: config 0 interface 0 has no altsetting 0
[  938.006058][T12499] usb 10-1: New USB device found, idVendor=046d, idProduct=c22e, bcdDevice= 0.00
[  938.018493][T12499] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  938.062500][T12499] usb 10-1: config 0 descriptor??
[  938.575490][T12499] lg-g15 0003:046D:C22E.0028: item fetching failed at offset 3/5
[  938.602790][T12499] lg-g15 0003:046D:C22E.0028: probe with driver lg-g15 failed with error -22
[  938.694289][T14918] netlink: 328 bytes leftover after parsing attributes in process `syz.2.3826'.
[  938.770087][T10634] usb 10-1: USB disconnect, device number 4
[  939.122564][T11653] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  939.301496][T11653] usb 2-1: Using ep0 maxpacket: 32
[  939.307827][T10634] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  939.352499][T11653] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  939.361875][T11653] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  939.406310][T11653] usb 2-1: config 0 descriptor??
[  939.422560][T11653] gspca_main: sunplus-2.14.0 probing 041e:400b
[  939.531558][T10634] usb 5-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0
[  939.542640][T10634] usb 5-1: config 0 interface 0 has no altsetting 0
[  939.549671][T10634] usb 5-1: New USB device found, idVendor=054c, idProduct=0002, bcdDevice= 0.00
[  939.560755][T10634] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  939.655795][T10634] usb 5-1: config 0 descriptor??
[  940.050145][T11653] gspca_sunplus: reg_r err -71
[  940.055973][T11653] sunplus 2-1:0.0: probe with driver sunplus failed with error -71
[  940.082560][T14939] program syz.2.3835 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  940.099934][T11653] usb 2-1: USB disconnect, device number 19
[  940.126837][T10634] sony 0003:054C:0002.0029: unknown main item tag 0x0
[  940.146597][T10634] sony 0003:054C:0002.0029: hidraw0: USB HID v0.05 Device [HID 054c:0002] on usb-dummy_hcd.4-1/input0
[  940.159882][T10634] sony 0003:054C:0002.0029: failed to claim input
[  940.338051][T11653] usb 5-1: USB disconnect, device number 16
[  941.575123][T12499] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  941.674876][T14966] tipc: Started in network mode
[  941.680363][T14966] tipc: Node identity 4, cluster identity 4711
[  941.687514][T14966] tipc: Node number set to 4
[  941.742827][T12499] usb 4-1: Using ep0 maxpacket: 8
[  941.776486][T12499] usb 4-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  941.787872][T12499] usb 4-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  941.800528][T12499] usb 4-1: config 0 interface 0 has no altsetting 0
[  941.811076][T12499] usb 4-1: New USB device found, idVendor=046d, idProduct=c22e, bcdDevice= 0.00
[  941.821482][T12499] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  941.892133][T12499] usb 4-1: config 0 descriptor??
[  942.340274][T12499] lg-g15 0003:046D:C22E.002A: item fetching failed at offset 3/5
[  942.369119][T12499] lg-g15 0003:046D:C22E.002A: probe with driver lg-g15 failed with error -22
[  942.556181][T12499] usb 4-1: USB disconnect, device number 7
[  942.796724][T14983] loop9: detected capacity change from 0 to 512
[  942.869484][T14983] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  942.909171][T14983] EXT4-fs (loop9): 1 truncate cleaned up
[  942.917208][T14983] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  943.502568][T12499] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  943.654356][T12495] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  943.691395][T12499] usb 5-1: Using ep0 maxpacket: 32
[  943.735827][    T9] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  943.765472][T12499] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  943.775186][T12499] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  943.783614][T12499] usb 5-1: Product: syz
[  943.788025][T12499] usb 5-1: Manufacturer: syz
[  943.795558][T12499] usb 5-1: SerialNumber: syz
[  943.864496][T12499] usb 5-1: config 0 descriptor??
[  943.975037][    T9] usb 2-1: Using ep0 maxpacket: 16
[  943.989121][    T9] usb 2-1: config 0 has an invalid interface number: 69 but max is 0
[  943.998097][    T9] usb 2-1: config 0 has no interface number 0
[  944.032506][    T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=0274, bcdDevice=f9.c2
[  944.044671][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  944.056095][    T9] usb 2-1: Product: syz
[  944.061690][    T9] usb 2-1: Manufacturer: syz
[  944.067042][    T9] usb 2-1: SerialNumber: syz
[  944.135475][    T9] usb 2-1: config 0 descriptor??
[  944.165311][    T9] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.69/input/input15
[  944.321555][T12499] airspy 5-1:0.0: Board ID: 00
[  944.326927][T12499] airspy 5-1:0.0: Firmware version: 
[  944.401760][T11653] usb 2-1: USB disconnect, device number 20
[  944.529629][T12499] airspy 5-1:0.0: usb_control_msg() failed -71 request 11
[  944.559537][T12499] airspy 5-1:0.0: Registered as swradio24
[  944.573434][T12499] airspy 5-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  944.588671][T12499] usb 5-1: USB disconnect, device number 17
[  946.061983][T11678] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  946.084739][T11678] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  946.100525][T11678] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  946.134909][T11678] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  946.150022][T11678] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  946.174950][T12499] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  946.467405][T12499] usb 2-1: Using ep0 maxpacket: 8
[  946.507737][T12499] usb 2-1: config 0 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  946.522017][T12499] usb 2-1: config 0 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0
[  946.535888][T12499] usb 2-1: config 0 interface 0 has no altsetting 0
[  946.543100][T12499] usb 2-1: New USB device found, idVendor=046d, idProduct=c22e, bcdDevice= 0.00
[  946.552648][T12499] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  946.589907][T12499] usb 2-1: config 0 descriptor??
[  946.638142][    T9] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  946.849411][    T9] usb 3-1: Using ep0 maxpacket: 16
[  946.863515][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  946.877408][    T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  946.887846][    T9] usb 3-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  946.897698][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  946.916088][    T9] usb 3-1: config 0 descriptor??
[  947.059156][T12499] lg-g15 0003:046D:C22E.002B: item fetching failed at offset 3/5
[  947.077704][T12499] lg-g15 0003:046D:C22E.002B: probe with driver lg-g15 failed with error -22
[  947.190406][T15024] chnl_net:caif_netlink_parms(): no params data found
[  947.295213][T11653] usb 2-1: USB disconnect, device number 21
[  947.396533][    T9] hid-picolcd 0003:04D8:F002.002C: unknown main item tag 0x0
[  947.407168][    T9] hid-picolcd 0003:04D8:F002.002C: unknown main item tag 0x0
[  947.415236][    T9] hid-picolcd 0003:04D8:F002.002C: unknown main item tag 0x0
[  947.423193][    T9] hid-picolcd 0003:04D8:F002.002C: unknown main item tag 0x0
[  947.430978][    T9] hid-picolcd 0003:04D8:F002.002C: unknown main item tag 0x0
[  947.445953][    T9] hid-picolcd 0003:04D8:F002.002C: unknown main item tag 0x0
[  947.555182][    T9] hid-picolcd 0003:04D8:F002.002C: No report with id 0xf3 found
[  947.563517][    T9] hid-picolcd 0003:04D8:F002.002C: No report with id 0xf4 found
[  947.607572][    T9] usb 3-1: USB disconnect, device number 13
[  947.912739][T11653] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  948.008040][T15047] ieee802154 phy0 wpan0: encryption failed: -22
[  948.102915][T11653] usb 4-1: Using ep0 maxpacket: 16
[  948.125038][T11653] usb 4-1: config 0 has an invalid interface number: 69 but max is 0
[  948.134103][T11653] usb 4-1: config 0 has no interface number 0
[  948.207193][T11653] usb 4-1: New USB device found, idVendor=05ac, idProduct=0274, bcdDevice=f9.c2
[  948.217025][T11653] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  948.225575][T11653] usb 4-1: Product: syz
[  948.229990][T11653] usb 4-1: Manufacturer: syz
[  948.235132][T11653] usb 4-1: SerialNumber: syz
[  948.243280][T11678] Bluetooth: hci1: command tx timeout
[  948.248187][T15024] bridge0: port 1(bridge_slave_0) entered blocking state
[  948.261116][T15024] bridge0: port 1(bridge_slave_0) entered disabled state
[  948.269243][T15024] bridge_slave_0: entered allmulticast mode
[  948.281070][T15024] bridge_slave_0: entered promiscuous mode
[  948.284341][T11653] usb 4-1: config 0 descriptor??
[  948.305560][T11653] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.69/input/input16
[  948.473501][T15024] bridge0: port 2(bridge_slave_1) entered blocking state
[  948.481194][T15024] bridge0: port 2(bridge_slave_1) entered disabled state
[  948.491714][T15024] bridge_slave_1: entered allmulticast mode
[  948.501403][T15024] bridge_slave_1: entered promiscuous mode
[  948.556673][T11653] usb 4-1: USB disconnect, device number 8
[  948.711735][T15024] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  948.740462][T15024] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  948.952942][T15024] team0: Port device team_slave_0 added
[  948.998918][T15024] team0: Port device team_slave_1 added
[  949.349518][T15024] batman_adv: batadv0: Adding interface: batadv_slave_0
[  949.357070][T15024] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  949.389419][T15024] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  949.501355][T15024] batman_adv: batadv0: Adding interface: batadv_slave_1
[  949.509125][T15024] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  949.539020][T15024] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  949.939379][T15024] hsr_slave_0: entered promiscuous mode
[  949.949336][T15024] hsr_slave_1: entered promiscuous mode
[  949.958291][T15024] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  949.968551][T15024] Cannot create hsr debugfs directory
[  950.297318][T11678] Bluetooth: hci1: command tx timeout
[  950.931902][T15083] loop4: detected capacity change from 0 to 512
[  951.069895][T15083] EXT4-fs (loop4): 1 orphan inode deleted
[  951.080415][T15083] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  951.105768][   T57] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  951.116413][   T57] EXT4-fs error (device loop4): ext4_release_dquot:6969: comm kworker/u8:3: Failed to release dquot type 1
[  951.141190][T15083] ext4 filesystem being mounted at /860/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  951.407670][ T5815] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  951.485069][    T9] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  951.611732][T15024] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  951.643018][T15024] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  951.665206][    T9] usb 3-1: Using ep0 maxpacket: 16
[  951.683828][T15024] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  951.685830][    T9] usb 3-1: config 0 has an invalid interface number: 69 but max is 0
[  951.702587][    T9] usb 3-1: config 0 has no interface number 0
[  951.759849][    T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=0274, bcdDevice=f9.c2
[  951.769531][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  951.777950][    T9] usb 3-1: Product: syz
[  951.779572][T15024] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  951.784858][    T9] usb 3-1: Manufacturer: syz
[  951.794347][    T9] usb 3-1: SerialNumber: syz
[  951.915121][    T9] usb 3-1: config 0 descriptor??
[  951.936003][    T9] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.69/input/input18
[  951.975376][T15099] loop3: detected capacity change from 0 to 8
[  952.034841][T15099] SQUASHFS error: xz decompression failed, data probably corrupt
[  952.048180][T15099] SQUASHFS error: Failed to read block 0x108: -5
[  952.058323][T15099] SQUASHFS error: Unable to read metadata cache entry [106]
[  952.066104][T15099] SQUASHFS error: Unable to read inode 0x11f
[  952.186664][    T9] usb 3-1: USB disconnect, device number 14
[  952.380870][T11678] Bluetooth: hci1: command tx timeout
[  952.608201][T12499] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  952.667694][T15024] 8021q: adding VLAN 0 to HW filter on device bond0
[  952.808000][T15024] 8021q: adding VLAN 0 to HW filter on device team0
[  952.842668][T12499] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  952.856715][T12499] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  952.869705][T12499] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33119, setting to 1024
[  952.882460][T12499] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 1024
[  952.929263][   T57] bridge0: port 1(bridge_slave_0) entered blocking state
[  952.937018][   T57] bridge0: port 1(bridge_slave_0) entered forwarding state
[  953.036695][   T57] bridge0: port 2(bridge_slave_1) entered blocking state
[  953.044315][   T57] bridge0: port 2(bridge_slave_1) entered forwarding state
[  953.059111][T12499] usb 4-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72
[  953.071478][T12499] usb 4-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0
[  953.081117][T12499] usb 4-1: Manufacturer: syz
[  953.164526][T12499] usb 4-1: config 0 descriptor??
[  953.180131][T15099] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  953.255483][T12499] smsusb:smsusb_probe: board id=9, interface number 0
[  953.357850][T12499] smsusb:siano_media_device_register: media controller created
[  953.368860][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  953.376520][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  953.385573][T12499] smsmdtv:smscore_sendrequest_and_wait: sendrequest returned error -22
[  953.400820][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  953.401056][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  953.401280][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  953.401491][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  953.401707][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  953.401918][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  953.402124][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  953.402343][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  953.470449][T12499] smsmdtv:smscore_set_device_mode: mode detect failed -22
[  953.486083][T12499] smsmdtv:smscore_start_device: set device mode failed , rc -22
[  953.495819][T12499] smsusb:smsusb_init_device: smscore_start_device(...) failed
[  953.510547][T12499] ------------[ cut here ]------------
[  953.518961][T12499] WARNING: CPU: 0 PID: 12499 at mm/slub.c:4753 free_large_kmalloc+0x2ee/0x330
[  953.528557][T12499] Modules linked in:
[  953.532920][T12499] CPU: 0 UID: 0 PID: 12499 Comm: kworker/0:4 Tainted: G        W           6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(none) 
[  953.549945][T12499] Tainted: [W]=WARN
[  953.554141][T12499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  953.564843][T12499] Workqueue: usb_hub_wq hub_event
[  953.570301][T12499] RIP: 0010:free_large_kmalloc+0x2ee/0x330
[  953.583647][T12499] Code: ff ff ff e8 b4 8e 13 00 41 81 ff 00 00 00 f8 0f 84 ca fd ff ff eb 12 e8 a0 8e 13 00 41 81 ff 00 00 00 f8 0f 84 ff fd ff ff 90 <0f> 0b 90 48 8b 7d c8 48 c7 c6 60 14 e6 91 e8 8f 50 e3 ff e9 0a ff
[  953.608009][T12499] RSP: 0018:ffff8880548829e8 EFLAGS: 00010206
[  953.614596][T12499] RAX: 0000000000000000 RBX: ffffea00013a5600 RCX: 00000000f8ffffff
[  953.623080][T12499] RDX: ffffffff954da000 RSI: 0000000000000001 RDI: 0000000000000000
[  953.631546][T12499] RBP: ffff888054882a40 R08: ffffea000000000f R09: 0000000000000000
[  953.642806][T12499] R10: ffff88802e905600 R11: ffffffff81d3edf0 R12: 0000000000000000
[  953.651263][T12499] R13: 0000000000000000 R14: 0000000000000000 R15: 00000000ff000000
[  953.659840][T12499] FS:  0000000000000000(0000) GS:ffff8881aa862000(0000) knlGS:0000000000000000
[  953.669257][T12499] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  953.678595][T12499] CR2: 000000005758e4c0 CR3: 0000000053fe4000 CR4: 00000000003526f0
[  953.691796][T12499] Call Trace:
[  953.696680][T12499]  <TASK>
[  953.699837][T12499]  kfree+0x64b/0xec0
[  953.706731][T12499]  ? usb_free_urb+0x125/0x150
[  953.711740][T12499]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  953.718822][T12499]  ? kmsan_get_metadata+0xfb/0x160
[  953.724405][T12499]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  953.730545][T12499]  usb_free_urb+0x125/0x150
[  953.737942][T12499]  smsusb_term_device+0x350/0x700
[  953.743511][T12499]  smsusb_probe+0x2cf0/0x36c0
[  953.748656][T12499]  ? __pfx_smsusb_sendrequest+0x10/0x10
[  953.754684][T12499]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  953.760863][T12499]  ? __pfx_smsusb_probe+0x10/0x10
[  953.768879][T12499]  usb_probe_interface+0xd04/0x1310
[  953.774600][T12499]  ? __pfx_usb_probe_interface+0x10/0x10
[  953.785440][T12499]  really_probe+0x4d4/0xd90
[  953.791615][T12499]  __driver_probe_device+0x268/0x380
[  953.799765][T12499]  driver_probe_device+0x70/0x8b0
[  953.805213][T12499]  ? kmsan_get_metadata+0xfb/0x160
[  953.810691][T12499]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  953.816909][T12499]  __device_attach_driver+0x4ee/0x950
[  953.825163][T12499]  bus_for_each_drv+0x3e0/0x680
[  953.830508][T12499]  ? __pfx___device_attach_driver+0x10/0x10
[  953.837310][T12499]  __device_attach+0x3c8/0x5c0
[  953.842725][T12499]  device_initial_probe+0x33/0x40
[  953.848129][T12499]  bus_probe_device+0x3ba/0x5e0
[  953.855938][T12499]  device_add+0x12a9/0x1c10
[  953.860918][T12499]  usb_set_configuration+0x3493/0x3b70
[  953.867211][T12499]  usb_generic_driver_probe+0xfc/0x290
[  953.873334][T12499]  ? __pfx_usb_generic_driver_probe+0x10/0x10
[  953.879728][T12499]  usb_probe_device+0x38a/0x690
[  953.891955][T12499]  ? __pfx_usb_probe_device+0x10/0x10
[  953.899100][T12499]  really_probe+0x4d4/0xd90
[  953.904364][T12499]  __driver_probe_device+0x268/0x380
[  953.910077][T12499]  driver_probe_device+0x70/0x8b0
[  953.917981][T12499]  ? kmsan_get_metadata+0xfb/0x160
[  953.923630][T12499]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  953.929848][T12499]  __device_attach_driver+0x4ee/0x950
[  953.935778][T12499]  bus_for_each_drv+0x3e0/0x680
[  953.941027][T12499]  ? __pfx___device_attach_driver+0x10/0x10
[  953.949765][T12499]  __device_attach+0x3c8/0x5c0
[  953.955103][T12499]  device_initial_probe+0x33/0x40
[  953.960502][T12499]  bus_probe_device+0x3ba/0x5e0
[  953.965893][T12499]  device_add+0x12a9/0x1c10
[  953.970697][T12499]  usb_new_device+0x104b/0x20c0
[  953.978489][T12499]  hub_event+0x54e0/0x7620
[  953.983457][T12499]  ? pwq_dec_nr_in_flight+0x1678/0x1d80
[  953.994103][T12499]  ? __pfx_hub_event+0x10/0x10
[  953.999305][T12499]  process_scheduled_works+0xb91/0x1d80
[  954.009308][T12499]  worker_thread+0xedf/0x1590
[  954.014456][T12499]  kthread+0xd59/0xf00
[  954.018800][T12499]  ? __pfx_worker_thread+0x10/0x10
[  954.024477][T12499]  ? __pfx_kthread+0x10/0x10
[  954.029381][T12499]  ret_from_fork+0x1e0/0x310
[  954.037328][T12499]  ? __pfx_kthread+0x10/0x10
[  954.042691][T12499]  ret_from_fork_asm+0x1a/0x30
[  954.047827][T12499]  </TASK>
[  954.051142][T12499] ---[ end trace 0000000000000000 ]---
[  954.057023][T12499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3ede2
[  954.068639][T12499] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  954.076325][T12499] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  954.085349][T12499] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  954.101426][T12499] raw: ffffea000137d6a0 ffffea00013916a0
[  954.108860][T12499] page dumped because: Not a kmalloc allocation
[  954.115990][T12499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3ede0
[  954.127735][T12499] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  954.135649][T12499] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  954.144843][T12499] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  954.156251][T12499] raw: ffffea000137d600 ffffea0001391600
[  954.162331][T12499] page dumped because: Not a kmalloc allocation
[  954.169366][T12499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3edde
[  954.178814][T12499] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  954.188994][T12499] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  954.202681][T12499] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  954.213001][T12499] raw: ffffea000137d560 ffffea0001391560
[  954.218858][T12499] page dumped because: Not a kmalloc allocation
[  954.228673][T12499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3eddc
[  954.237856][T12499] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  954.245534][T12499] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  954.257244][T12499] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  954.266242][T12499] raw: ffffea000137d4c0 ffffea00013914c0
[  954.272482][T12499] page dumped because: Not a kmalloc allocation
[  954.279612][T12499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3edda
[  954.291339][T12499] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  954.303570][T12499] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  954.316370][T12499] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  954.325555][T12499] raw: ffffea000137d420 ffffea0001391420
[  954.331406][T12499] page dumped because: Not a kmalloc allocation
[  954.338583][T12499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3edd8
[  954.350191][T12499] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  954.357933][T12499] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  954.367007][T12499] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  954.378480][T12499] raw: ffffea000137d380 ffffea0001391380
[  954.384462][T12499] page dumped because: Not a kmalloc allocation
[  954.391492][T12499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3edd6
[  954.404975][T12499] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  954.416067][T12499] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  954.425627][T12499] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  954.434593][T12499] raw: ffffea000137d2e0 ffffea00013912e0
[  954.440579][T12499] page dumped because: Not a kmalloc allocation
[  954.448577][T15120] vim2m vim2m.0: vidioc_s_fmt queue busy
[  954.453823][T11678] Bluetooth: hci1: command tx timeout
[  954.455836][T12499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3edd4
[  954.469843][T12499] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  954.480680][T12499] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  954.489711][T12499] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  954.503085][T12499] raw: ffffea000137d240 ffffea0001391240
[  954.512926][T12499] page dumped because: Not a kmalloc allocation
[  954.519945][T12499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3edd2
[  954.529281][T12499] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  954.539452][T12499] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  954.548512][T12499] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  954.558228][T12499] raw: ffffea000137d1a0 ffffea00013911a0
[  954.566760][T12499] page dumped because: Not a kmalloc allocation
[  954.573991][T12499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3edd0
[  954.583193][T12499] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  954.590753][T12499] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  954.592930][T15118] loop4: detected capacity change from 0 to 512
[  954.606777][T12499] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  954.606889][T12499] raw: ffffea000137d100 ffffea0001391100
[  954.606954][T12499] page dumped because: Not a kmalloc allocation
[  954.810830][T12499] smsusb:smsusb_probe: Device initialized with return code -22
[  954.921215][T12499] smsusb 4-1:0.0: probe with driver smsusb failed with error -22
[  954.941373][T12499] usb 4-1: USB disconnect, device number 9
[  954.969817][T15118] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  955.055764][T15118] EXT4-fs (loop4): 1 truncate cleaned up
[  955.063891][T15118] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  955.222841][T15118] EXT4-fs error (device loop4): ext4_get_verity_descriptor_location:298: inode #15: comm syz.4.3914: verity file has no extents
[  955.279925][T15024] 8021q: adding VLAN 0 to HW filter on device batadv0
[  955.288891][T15118] fs-verity (loop4, inode 15): Error -117 getting verity descriptor size
[  955.930550][ T5815] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  956.714237][ T1287] ieee802154 phy0 wpan0: encryption failed: -22
[  957.360578][T15160] ieee802154 phy0 wpan0: encryption failed: -22
[  957.484198][T15024] veth0_vlan: entered promiscuous mode
[  957.559095][T15024] veth1_vlan: entered promiscuous mode
[  957.751928][T15166] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3932'.
[  957.949292][T15024] veth0_macvtap: entered promiscuous mode
[  957.950162][T15170] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3934'.
[  957.995864][T15170] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3934'.
[  958.008007][T15170] netlink: 104 bytes leftover after parsing attributes in process `syz.1.3934'.
[  958.013481][T15024] veth1_macvtap: entered promiscuous mode
[  958.115679][T15024] batman_adv: batadv0: Interface activated: batadv_slave_0
[  958.180468][T15024] batman_adv: batadv0: Interface activated: batadv_slave_1
[  958.233146][T15024] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  958.242633][T15024] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  958.251609][T15024] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  958.260979][T15024] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  959.023000][T11653] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  959.192815][T11653] usb 3-1: Using ep0 maxpacket: 32
[  959.216333][T11653] usb 3-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  959.227251][T11653] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  959.265989][T11653] usb 3-1: config 0 descriptor??
[  959.296086][T11653] gspca_main: sunplus-2.14.0 probing 041e:400b
[  959.945327][T11653] gspca_sunplus: reg_r err -71
[  959.950600][T11653] sunplus 3-1:0.0: probe with driver sunplus failed with error -71
[  960.007853][T11653] usb 3-1: USB disconnect, device number 15
[  960.244048][T10634] IPVS: starting estimator thread 0...
[  960.344446][T15198] IPVS: using max 240 ests per chain, 12000 per kthread
[  960.640912][T15202] loop4: detected capacity change from 0 to 512
[  960.761621][T15202] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e042c118, mo2=0002]
[  960.776660][T15202] System zones: 1-12
[  960.824149][T15202] EXT4-fs error (device loop4): ext4_iget_extra_inode:5035: inode #15: comm syz.4.3943: corrupted in-inode xattr: e_value size too large
[  960.923666][T15202] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.3943: couldn't read orphan inode 15 (err -117)
[  960.989759][T15202] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  961.323264][T12499] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  961.325133][T15216] loop1: detected capacity change from 0 to 256
[  961.375474][T15216] exfat: Deprecated parameter 'namecase'
[  961.381584][T15216] exfat: Deprecated parameter 'namecase'
[  961.503720][T12499] usb 3-1: Using ep0 maxpacket: 32
[  961.541906][T12499] usb 3-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  961.551665][T12499] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  961.566228][T12499] usb 3-1: Product: syz
[  961.570729][T12499] usb 3-1: Manufacturer: syz
[  961.576671][T12499] usb 3-1: SerialNumber: syz
[  961.641477][T15216] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d)
[  961.678992][T12499] usb 3-1: config 0 descriptor??
[  961.945817][ T5872] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  961.954966][ T5815] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  962.112821][ T5872] usb 4-1: Using ep0 maxpacket: 16
[  962.158251][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  962.172489][ T5872] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  962.186079][ T5872] usb 4-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  962.199828][ T5872] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  962.225181][T12499] airspy 3-1:0.0: Board ID: 00
[  962.230238][T12499] airspy 3-1:0.0: Firmware version: 
[  962.306782][T15225] program syz.4.3950 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  962.329113][ T5872] usb 4-1: config 0 descriptor??
[  962.407976][T12499] airspy 3-1:0.0: usb_control_msg() failed -71 request 11
[  962.449951][T12499] airspy 3-1:0.0: Registered as swradio24
[  962.458415][T12499] airspy 3-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  962.478828][T12499] usb 3-1: USB disconnect, device number 16
[  962.549126][   T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  962.557461][   T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  962.734343][ T1100] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  962.742871][ T1100] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  962.859868][ T5872] hid-picolcd 0003:04D8:F002.002D: unknown main item tag 0x0
[  962.868046][ T5872] hid-picolcd 0003:04D8:F002.002D: unknown main item tag 0x0
[  962.876035][ T5872] hid-picolcd 0003:04D8:F002.002D: unknown main item tag 0x0
[  962.886466][ T5872] hid-picolcd 0003:04D8:F002.002D: unknown main item tag 0x0
[  962.899248][ T5872] hid-picolcd 0003:04D8:F002.002D: unknown main item tag 0x0
[  962.908328][ T5872] hid-picolcd 0003:04D8:F002.002D: unknown main item tag 0x0
[  963.013493][ T5872] hid-picolcd 0003:04D8:F002.002D: No report with id 0xf3 found
[  963.021704][ T5872] hid-picolcd 0003:04D8:F002.002D: No report with id 0xf4 found
[  963.078357][ T5872] usb 4-1: USB disconnect, device number 10
[  963.485755][T15237] loop1: detected capacity change from 0 to 8
[  963.517047][T15237] SQUASHFS error: xz decompression failed, data probably corrupt
[  963.528339][T15237] SQUASHFS error: Failed to read block 0x108: -5
[  963.535208][T15237] SQUASHFS error: Unable to read metadata cache entry [106]
[  963.542890][T15237] SQUASHFS error: Unable to read inode 0x11f
[  963.791488][T12499] IPVS: starting estimator thread 0...
[  963.885794][T15242] IPVS: using max 240 ests per chain, 12000 per kthread
[  963.893261][ T5872] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  964.079449][ T5872] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  964.090053][ T5872] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  964.102728][ T5872] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33119, setting to 1024
[  964.114576][ T5872] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 1024
[  964.269821][ T5872] usb 2-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72
[  964.282277][ T5872] usb 2-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0
[  964.291052][ T5872] usb 2-1: Manufacturer: syz
[  964.377248][ T5872] usb 2-1: config 0 descriptor??
[  964.385765][T15237] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  964.419733][ T5872] smsusb:smsusb_probe: board id=9, interface number 0
[  964.457961][ T5872] smsusb:siano_media_device_register: media controller created
[  964.469549][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  964.477193][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  964.487876][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  964.495575][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  964.503641][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  964.511211][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  964.521665][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  964.529689][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  964.537812][ T5872] smsmdtv:smscore_sendrequest_and_wait: sendrequest returned error -22
[  964.552994][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  964.553234][    C0] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  964.571376][ T5872] smsmdtv:smscore_set_device_mode: mode detect failed -22
[  964.580366][ T5872] smsmdtv:smscore_start_device: set device mode failed , rc -22
[  964.591855][ T5872] smsusb:smsusb_init_device: smscore_start_device(...) failed
[  964.606110][ T5872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x62262
[  964.618022][ T5872] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  964.626159][ T5872] raw: 00fff00000000000 0000000000000000 ffffea0001eabeb0 0000000000000000
[  964.639897][ T5872] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  964.652475][ T5872] raw: ffffea0001e83ea0 ffffea0001e97ea0
[  964.658503][ T5872] page dumped because: Not a kmalloc allocation
[  964.665654][ T5872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x62260
[  964.677146][ T5872] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  964.684773][ T5872] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  964.693986][ T5872] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  964.705418][ T5872] raw: ffffea0001e83e00 ffffea0001e97e00
[  964.711448][ T5872] page dumped because: Not a kmalloc allocation
[  964.718623][ T5872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6225e
[  964.727848][ T5872] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  964.737748][ T5872] raw: 00fff00000000000 0000000000000000 ffffea0001eabd68 0000000000000000
[  964.751246][ T5872] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  964.761591][ T5872] raw: ffffea0001e83d60 ffffea0001e97d60
[  964.770107][ T5872] page dumped because: Not a kmalloc allocation
[  964.777492][ T5872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6225c
[  964.786810][ T5872] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  964.796791][ T5872] raw: 00fff00000000000 0000000000000000 ffffea0001eabcc8 0000000000000000
[  964.805933][ T5872] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  964.814857][ T5872] raw: ffffea0001e83cc0 ffffea0001e97cc0
[  964.820692][ T5872] page dumped because: Not a kmalloc allocation
[  964.830183][ T5872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x6225a
[  964.839463][ T5872] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  964.851341][ T5872] raw: 00fff00000000000 0000000000000000 ffffea0001eabc30 0000000000000000
[  964.864155][ T5872] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  964.873214][ T5872] raw: ffffea0001e83c20 ffffea0001e97c20
[  964.879132][ T5872] page dumped because: Not a kmalloc allocation
[  964.886325][ T5872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x62258
[  964.898000][ T5872] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  964.905708][ T5872] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  964.914724][ T5872] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  964.926090][ T5872] raw: ffffea0001e83b80 ffffea0001e97b80
[  964.931947][ T5872] page dumped because: Not a kmalloc allocation
[  964.939296][ T5872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x62256
[  964.952855][ T5872] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  964.964421][ T5872] raw: 00fff00000000000 0000000000000000 ffffea0001eabae8 0000000000000000
[  964.973581][ T5872] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  964.982584][ T5872] raw: ffffea0001e83ae0 ffffea0001e97ae0
[  964.988602][ T5872] page dumped because: Not a kmalloc allocation
[  964.998137][ T5872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x62254
[  965.007441][ T5872] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  965.015252][ T5872] raw: 00fff00000000000 0000000000000000 ffffea0001eaba48 0000000000000000
[  965.026789][ T5872] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  965.035983][ T5872] raw: ffffea0001e83a40 ffffea0001e97a40
[  965.042836][ T5872] page dumped because: Not a kmalloc allocation
[  965.058239][ T5872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x62252
[  965.067608][ T5872] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  965.075383][ T5872] raw: 00fff00000000000 0000000000000000 ffffea0001eab9b0 0000000000000000
[  965.086702][ T5872] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  965.095817][ T5872] raw: ffffea0001e839a0 ffffea0001e979a0
[  965.101663][ T5872] page dumped because: Not a kmalloc allocation
[  965.109391][ T5872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x62250
[  965.121091][ T5872] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  965.128809][ T5872] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  965.137776][ T5872] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  965.149427][ T5872] raw: ffffea0001e83900 ffffea0001e97900
[  965.159928][ T5872] page dumped because: Not a kmalloc allocation
[  965.171870][ T5872] smsusb:smsusb_probe: Device initialized with return code -22
[  965.313694][ T5872] smsusb 2-1:0.0: probe with driver smsusb failed with error -22
[  965.332098][ T5872] usb 2-1: USB disconnect, device number 22
[  966.089342][T15268] loop2: detected capacity change from 0 to 512
[  966.110798][T15269] loop3: detected capacity change from 0 to 512
[  966.160672][T15271] netlink: 'syz.4.3969': attribute type 2 has an invalid length.
[  966.183007][T15268] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  966.206860][ T5872] usb 2-1: new high-speed USB device number 23 using dummy_hcd
[  966.268219][T15268] EXT4-fs (loop2): 1 truncate cleaned up
[  966.281106][T15268] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  966.390806][ T5872] usb 2-1: Using ep0 maxpacket: 32
[  966.420266][T15275] loop7: detected capacity change from 0 to 2048
[  966.449573][ T5872] usb 2-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  966.461546][ T5872] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  966.470439][ T5872] usb 2-1: Product: syz
[  966.475050][ T5872] usb 2-1: Manufacturer: syz
[  966.483185][ T5872] usb 2-1: SerialNumber: syz
[  966.530690][ T5872] usb 2-1: config 0 descriptor??
[  966.619127][T15275] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  966.818241][T12714] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  966.961770][ T5872] airspy 2-1:0.0: Board ID: 00
[  966.970828][ T5872] airspy 2-1:0.0: Firmware version: 
[  967.172103][ T5872] airspy 2-1:0.0: usb_control_msg() failed -71 request 11
[  967.203857][ T5872] airspy 2-1:0.0: Registered as swradio24
[  967.210044][ T5872] airspy 2-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  967.304377][ T5872] usb 2-1: USB disconnect, device number 23
[  967.915833][   T30] audit: type=1326 audit(1753297872.765:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15291 comm="syz.2.3977" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x0
[  967.943113][T15296] loop4: detected capacity change from 0 to 128
[  968.037720][T15296] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  968.101265][T15296] ext4 filesystem being mounted at /880/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  968.240580][ T5815] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  968.800682][T15312] loop7: detected capacity change from 0 to 128
[  968.820887][   T30] audit: type=1326 audit(1753297873.675:132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15309 comm="syz.3.3985" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000
[  968.843211][    C0] vkms_vblank_simulate: vblank timer overrun
[  968.855765][   T30] audit: type=1326 audit(1753297873.675:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15309 comm="syz.3.3985" exe="/root/syz-executor" sig=0 arch=40000003 syscall=77 compat=1 ip=0xf7ff1539 code=0x7ffc0000
[  968.880622][   T30] audit: type=1326 audit(1753297873.675:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15309 comm="syz.3.3985" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff1539 code=0x7ffc0000
[  968.952024][T15312] EXT4-fs: Ignoring removed nobh option
[  969.031965][T15312] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  969.077600][T15312] ext4 filesystem being mounted at /8/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  969.197192][T15312] EXT4-fs (loop7): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09 ro.
[  969.259265][T15319] EXT4-fs (loop7): re-mounted 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w.
[  969.431767][T15024] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  969.581595][T15323] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3990'.
[  969.654466][T15324] loop2: detected capacity change from 0 to 512
[  969.830866][T15329] loop4: detected capacity change from 0 to 64
[  969.924559][T15324] EXT4-fs (loop2): 1 orphan inode deleted
[  969.935471][T15324] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  969.978227][   T12] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  969.988960][   T12] EXT4-fs error (device loop2): ext4_release_dquot:6969: comm kworker/u8:0: Failed to release dquot type 1
[  970.089539][T15324] ext4 filesystem being mounted at /230/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  970.397260][T12714] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  970.704283][T15338] loop1: detected capacity change from 0 to 2048
[  970.722578][ T5872] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  970.735197][T15338] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found!
[  970.830829][T15338] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  970.892902][ T5872] usb 4-1: Using ep0 maxpacket: 32
[  970.947235][ T5872] usb 4-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f
[  970.957174][ T5872] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  970.968188][ T5872] usb 4-1: Product: syz
[  970.972754][ T5872] usb 4-1: Manufacturer: syz
[  970.977610][ T5872] usb 4-1: SerialNumber: syz
[  971.045535][ T5872] usb 4-1: config 0 descriptor??
[  971.306108][T15350] loop2: detected capacity change from 0 to 64
[  971.318811][T15350] hfs: unable to locate alternate MDB
[  971.325375][T15350] hfs: continuing without an alternate MDB
[  971.518483][ T5872] airspy 4-1:0.0: Board ID: 00
[  971.524762][ T5872] airspy 4-1:0.0: Firmware version: 
[  971.728438][ T5872] airspy 4-1:0.0: usb_control_msg() failed -71 request 11
[  971.757621][ T5872] airspy 4-1:0.0: Registered as swradio24
[  971.766535][ T5872] airspy 4-1:0.0: SDR API is still slightly experimental and functionality changes may follow
[  971.810797][ T5872] usb 4-1: USB disconnect, device number 11
[  971.879725][T15354] loop7: detected capacity change from 0 to 8
[  971.976350][T15354] SQUASHFS error: xz decompression failed, data probably corrupt
[  971.985157][T15354] SQUASHFS error: Failed to read block 0x108: -5
[  971.991800][T15354] SQUASHFS error: Unable to read metadata cache entry [106]
[  971.999765][T15354] SQUASHFS error: Unable to read inode 0x11f
[  972.001518][T15356] loop2: detected capacity change from 0 to 256
[  972.076161][T15356] exfat: Deprecated parameter 'namecase'
[  972.082472][T15356] exfat: Deprecated parameter 'namecase'
[  972.181885][T15356] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xfcc0b04e, utbl_chksum : 0xe619d30d)
[  972.389033][T15362] loop4: detected capacity change from 0 to 256
[  972.396366][T10634] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  972.477106][T15362] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  972.487659][T15364] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4007'.
[  972.590034][T10634] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  972.600494][T10634] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  972.610746][T10634] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33119, setting to 1024
[  972.625715][T10634] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 1024
[  972.759093][T10634] usb 8-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72
[  972.768909][T10634] usb 8-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0
[  972.778075][T10634] usb 8-1: Manufacturer: syz
[  972.813655][T10634] usb 8-1: config 0 descriptor??
[  972.822604][T15354] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  972.851379][T10634] smsusb:smsusb_probe: board id=9, interface number 0
[  972.922858][T10634] smsusb:siano_media_device_register: media controller created
[  972.939539][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  972.947326][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  972.955655][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  972.963249][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  972.971420][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  972.979020][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  972.987409][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  972.995106][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  973.003184][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  973.011120][    C1] smsusb:smsusb_onresponse: error, urb status -71, 0 bytes
[  973.019090][T10634] smsmdtv:smscore_sendrequest_and_wait: sendrequest returned error -22
[  973.028668][T10634] smsmdtv:smscore_set_device_mode: mode detect failed -22
[  973.040686][T10634] smsmdtv:smscore_start_device: set device mode failed , rc -22
[  973.050305][T10634] smsusb:smsusb_init_device: smscore_start_device(...) failed
[  973.064381][T10634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ff62
[  973.073681][T10634] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  973.081119][T10634] raw: 00fff00000000000 0000000000000000 ffffea0001dfceb0 0000000000000000
[  973.090285][T10634] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  973.099465][T10634] raw: ffffea0001dd4ea0 ffffea0001de8ea0
[  973.105960][T10634] page dumped because: Not a kmalloc allocation
[  973.113233][T10634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ff60
[  973.122576][T10634] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  973.130002][T10634] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  973.143870][T10634] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  973.154141][T10634] raw: ffffea0001dd4e00 ffffea0001de8e00
[  973.159990][T10634] page dumped because: Not a kmalloc allocation
[  973.167276][T10634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ff5e
[  973.176647][T10634] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  973.184262][T10634] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  973.193270][T10634] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  973.202354][T10634] raw: ffffea0001dd4d60 ffffea0001de8d60
[  973.208308][T10634] page dumped because: Not a kmalloc allocation
[  973.215639][T10634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ff5c
[  973.224923][T10634] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  973.233505][T10634] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  973.247129][T10634] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  973.257465][T10634] raw: ffffea0001dd4cc0 ffffea0001de8cc0
[  973.263451][T10634] page dumped because: Not a kmalloc allocation
[  973.270438][T10634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ff5a
[  973.279698][T10634] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  973.287338][T10634] raw: 00fff00000000000 0000000000000000 ffffea0001dfcc30 0000000000000000
[  973.296460][T10634] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  973.307366][T10634] raw: ffffea0001dd4c20 ffffea0001de8c20
[  973.313488][T10634] page dumped because: Not a kmalloc allocation
[  973.320683][T10634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ff58
[  973.331275][T10634] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  973.339827][T10634] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  973.354645][T10634] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  973.364879][T10634] raw: ffffea0001dd4b80 ffffea0001de8b80
[  973.370837][T10634] page dumped because: Not a kmalloc allocation
[  973.378087][T10634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ff56
[  973.387529][T10634] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  973.395154][T10634] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  973.404476][T10634] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  973.413635][T10634] raw: ffffea0001dd4ae0 ffffea0001de8ae0
[  973.419508][T10634] page dumped because: Not a kmalloc allocation
[  973.426900][T10634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ff54
[  973.436187][T10634] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  973.448275][T10634] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  973.458690][T10634] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  973.467750][T10634] raw: ffffea0001dd4a40 ffffea0001de8a40
[  973.473803][T10634] page dumped because: Not a kmalloc allocation
[  973.480887][T10634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ff52
[  973.490260][T10634] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  973.499723][T10634] raw: 00fff00000000000 0000000000000000 ffffea0001dfc9b0 0000000000000000
[  973.508860][T10634] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  973.517840][T10634] raw: ffffea0001dd49a0 ffffea0001de89a0
[  973.524355][T10634] page dumped because: Not a kmalloc allocation
[  973.531489][T10634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ff50
[  973.540664][T10634] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  973.552624][T10634] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000
[  973.561678][T10634] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[  973.562383][T15370] loop1: detected capacity change from 0 to 512
[  973.571990][T10634] raw: ffffea0001dd4900 ffffea0001de8900
[  973.582999][T10634] page dumped because: Not a kmalloc allocation
[  973.616992][T10634] smsusb:smsusb_probe: Device initialized with return code -22
[  973.778030][T10634] smsusb 8-1:0.0: probe with driver smsusb failed with error -22
[  973.794201][T15374] loop4: detected capacity change from 0 to 512
[  973.868018][T15370] EXT4-fs (loop1): 1 orphan inode deleted
[  973.876468][T15370] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  973.890684][ T3612] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[  973.903634][ T3612] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u8:10: Failed to release dquot type 1
[  973.921352][T15370] ext4 filesystem being mounted at /856/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  973.921476][T10634] usb 8-1: USB disconnect, device number 4
[  974.273625][ T5809] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  975.324509][T15396] loop7: detected capacity change from 0 to 4096
[  975.457770][T15402] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  976.211438][T15413] program syz.4.4031 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  976.288200][T15416] loop2: detected capacity change from 0 to 128
[  976.388838][T15416] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  976.485233][T15416] ext4 filesystem being mounted at /235/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  976.779468][T15425] loop7: detected capacity change from 0 to 64
[  976.854707][T12714] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  977.116251][T15431] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd
[  979.297187][T15468] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4055'.
[  979.309718][T15468] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  979.815646][T15474] netlink: 76 bytes leftover after parsing attributes in process `syz.4.4058'.
[  980.339032][T15487] loop1: detected capacity change from 0 to 64
[  981.198281][T15498] loop1: detected capacity change from 0 to 512
[  981.297874][T15498] EXT4-fs warning (device loop1): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  981.312970][T15498] EXT4-fs warning (device loop1): dx_probe:849: Enable large directory feature to access it
[  981.323700][T15498] EXT4-fs warning (device loop1): dx_probe:934: inode #2: comm syz.1.4070: Corrupt directory, running e2fsck is recommended
[  981.483800][T15498] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -12
[  981.522728][T15498] EXT4-fs error (device loop1): ext4_iget_extra_inode:5035: inode #15: comm syz.1.4070: corrupted in-inode xattr: invalid ea_ino
[  981.597210][T15498] EXT4-fs (loop1): Remounting filesystem read-only
[  981.608997][T15498] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  981.825419][ T5809] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  982.421944][T15523] ptrace attach of "./syz-executor exec"[5815] was attempted by "                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              
[  983.033306][T15532] loop3: detected capacity change from 0 to 512
[  983.353520][T15532] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  983.367158][T15532] ext4 filesystem being mounted at /72/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  983.666579][T14442] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  983.825877][T15541] loop4: detected capacity change from 0 to 4096
[  984.123789][T15541] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  984.291765][T15552] genirq: Flags mismatch irq 31. 00200000 (comedi_parport) vs. 00200000 (virtio1-input.0)
[  984.395482][T15541] overlayfs: upper fs does not support tmpfile.
[  984.445903][T15541] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  984.454150][T15541] overlayfs: failed to set uuid (/file0, err=-22); falling back to uuid=null.
[  984.463596][T15541] overlayfs: failed to verify upper root origin
[  984.773319][ T3634] ntfs3(loop4): ino=9, ntfs3_write_inode failed, -22.
[  984.798225][ T5815] ntfs3(loop4): ino=9, ntfs_sync_fs failed, -22.
[  984.991340][T15564] ipt_rpfilter: only valid in 'raw' or 'mangle' table, not '
'
[  985.391326][T15570] loop2: detected capacity change from 0 to 256
[  985.604019][T15568] loop3: detected capacity change from 0 to 4096
[  985.655091][T15570] FAT-fs (loop2): Directory bread(block 64) failed
[  985.661901][T15570] FAT-fs (loop2): Directory bread(block 65) failed
[  985.669073][T15570] FAT-fs (loop2): Directory bread(block 66) failed
[  985.676085][T15570] FAT-fs (loop2): Directory bread(block 67) failed
[  985.685668][T15570] FAT-fs (loop2): Directory bread(block 68) failed
[  985.692704][T15570] FAT-fs (loop2): Directory bread(block 69) failed
[  985.699604][T15570] FAT-fs (loop2): Directory bread(block 70) failed
[  985.706626][T15570] FAT-fs (loop2): Directory bread(block 71) failed
[  985.716191][T15570] FAT-fs (loop2): Directory bread(block 72) failed
[  985.723383][T15570] FAT-fs (loop2): Directory bread(block 73) failed
[  985.736484][T15568] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  985.966374][T15577] CUSE: DEVNAME unspecified
[  986.058833][T14442] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  987.475388][T10634] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  987.664931][T10634] usb 4-1: Using ep0 maxpacket: 16
[  987.711058][T10634] usb 4-1: config 0 has an invalid interface number: 214 but max is 0
[  987.719854][T10634] usb 4-1: config 0 has no interface number 0
[  987.726524][T10634] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0
[  987.796287][T10634] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  987.807289][T15608] Bluetooth: MGMT ver 1.23
[  987.813264][T10634] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  987.821524][T10634] usb 4-1: Product: syz
[  987.826276][T10634] usb 4-1: Manufacturer: syz
[  987.831207][T10634] usb 4-1: SerialNumber: syz
[  987.846843][T15609] netlink: 40 bytes leftover after parsing attributes in process `syz.2.4119'.
[  987.854105][T10634] usb 4-1: config 0 descriptor??
[  988.552630][T10634] usbtouchscreen 4-1:0.214: probe with driver usbtouchscreen failed with error -71
[  988.588122][T10634] usb 4-1: USB disconnect, device number 12
[  988.615586][T11653] usb 5-1: new full-speed USB device number 18 using dummy_hcd
[  988.813246][T11653] usb 5-1: New USB device found, idVendor=0925, idProduct=8866, bcdDevice= 0.00
[  988.823384][T11653] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  988.879402][T11653] usb 5-1: config 0 descriptor??
[  989.285392][T15627] tmpfs: Bad value for 'mpol'
[  989.347465][T15630] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4130'.
[  989.357236][T15630] bridge: RTM_NEWNEIGH bridge0 without NUD_PERMANENT
[  989.378698][T11653] smartjoyplus 0003:0925:8866.002E: hidraw0: USB HID v0.05 Device [HID 0925:8866] on usb-dummy_hcd.4-1/input0
[  989.392745][T11653] smartjoyplus 0003:0925:8866.002E: no output reports found
[  989.492508][T10634] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  989.576229][T11653] usb 5-1: USB disconnect, device number 18
[  989.672681][T10634] usb 3-1: Using ep0 maxpacket: 32
[  989.688445][T10634] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  989.745224][T10634] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  989.755441][T10634] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  989.764216][T10634] usb 3-1: Product: syz
[  989.768606][T10634] usb 3-1: Manufacturer: syz
[  989.773700][T10634] usb 3-1: SerialNumber: syz
[  989.812815][T11678] Bluetooth: hci2: Opcode 0x0401 failed: -110
[  989.883722][T10634] usb 3-1: config 0 descriptor??
[  989.892601][T15628] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  989.895388][T11678] Bluetooth: hci2: command 0x0406 tx timeout
[  989.915025][T10634] hub 3-1:0.0: bad descriptor, ignoring hub
[  989.921475][T10634] hub 3-1:0.0: probe with driver hub failed with error -5
[  990.062848][ T5872] usb 2-1: new high-speed USB device number 24 using dummy_hcd
[  990.243174][T10634] usb 3-1: USB disconnect, device number 17
[  990.249170][ T5872] usb 2-1: config 0 interface 0 altsetting 253 endpoint 0x81 has an invalid bInterval 36, changing to 9
[  990.261002][ T5872] usb 2-1: config 0 interface 0 altsetting 253 endpoint 0x81 has invalid wMaxPacketSize 0
[  990.273984][ T5872] usb 2-1: config 0 interface 0 has no altsetting 0
[  990.280913][ T5872] usb 2-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00
[  990.290581][ T5872] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  990.321361][ T5872] usb 2-1: config 0 descriptor??
[  990.570384][T15642] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4136'.
[  990.634091][T12499] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  990.766458][ T5872] pantherlord 0003:0810:0002.002F: unknown main item tag 0x0
[  990.811301][ T5872] pantherlord 0003:0810:0002.002F: hidraw0: USB HID v0.00 Device [HID 0810:0002] on usb-dummy_hcd.1-1/input0
[  990.825900][ T5872] pantherlord 0003:0810:0002.002F: no output reports found
[  990.857878][T12499] usb 3-1: Using ep0 maxpacket: 32
[  990.876162][T12499] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  990.920323][T12499] usb 3-1: string descriptor 0 read error: -22
[  990.927412][T12499] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  990.937027][T12499] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  990.999354][ T5872] usb 2-1: USB disconnect, device number 24
[  991.044373][T12499] usb 3-1: config 0 descriptor??
[  991.051990][T15628] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  991.145346][T12499] hub 3-1:0.0: bad descriptor, ignoring hub
[  991.151954][T12499] hub 3-1:0.0: probe with driver hub failed with error -5
[  991.483304][T12499] usb 3-1: USB disconnect, device number 18
[  992.612744][T10634] usb 4-1: new low-speed USB device number 13 using dummy_hcd
[  992.786881][T10634] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  992.801016][T10634] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  992.812862][T10634] usb 4-1: New USB device found, idVendor=046d, idProduct=c52f, bcdDevice= 0.00
[  992.822772][T10634] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  992.944092][T10634] usb 4-1: config 0 descriptor??
[  993.441009][T10634] logitech-djreceiver 0003:046D:C52F.0030: unknown main item tag 0x1
[  993.484012][T15684] loop4: detected capacity change from 0 to 1024
[  993.517044][T10634] logitech-djreceiver 0003:046D:C52F.0030: hidraw0: USB HID v0.00 Device [HID 046d:c52f] on usb-dummy_hcd.3-1/input0
[  993.595411][T15684] =====================================================
[  993.603188][T15684] BUG: KMSAN: uninit-value in hfsplus_delete_cat+0x1195/0x13d0
[  993.610990][T15684]  hfsplus_delete_cat+0x1195/0x13d0
[  993.619896][T15684]  hfsplus_rmdir+0x13c/0x310
[  993.626037][T15684]  vfs_rmdir+0x5b6/0x800
[  993.630460][T15684]  do_rmdir+0x87b/0xf30
[  993.634918][T15684]  __ia32_sys_rmdir+0x70/0xa0
[  993.639868][T15684]  ia32_sys_call+0x31ce/0x42c0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  993.645115][T15684]  __do_fast_syscall_32+0xb0/0x150
[  993.651012][T15684]  do_fast_syscall_32+0x38/0x80
[  993.656287][T15684]  do_SYSENTER_32+0x1f/0x30
[  993.661008][T15684]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  993.667906][T15684] 
[  993.670332][T15684] Uninit was stored to memory at:
[  993.675899][T15684] ------------[ cut here ]------------
[  993.681531][T15684] WARNING: CPU: 1 PID: 15684 at kernel/stacktrace.c:29 stack_trace_print+0xd4/0xf0
[  993.692580][T15684] Modules linked in:
[  993.696665][T15684] CPU: 1 UID: 0 PID: 15684 Comm: syz.4.4156 Tainted: G        W           6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(none) 
[  993.711046][T15684] Tainted: [W]=WARN
[  993.715136][T15684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  993.729074][T15684] RIP: 0010:stack_trace_print+0xd4/0xf0
[  993.736834][T15684] Code: e5 40 03 92 89 de ba 20 00 00 00 4c 89 e1 e8 13 72 4d ff 49 83 c6 08 49 ff cd 0f 85 6e ff ff ff eb 0b e8 ff 50 c1 00 eb d4 90 <0f> 0b 90 5b 41 5c 41 5d 41 5e 41 5f 5d e9 4a 73 fe 0e cc 66 0f 1f
[  993.757291][T15684] RSP: 0018:ffff888039b0f858 EFLAGS: 00010246
[  993.763871][T15684] RAX: ffff888022638b58 RBX: 0000000000000000 RCX: 0000000000000000
[  993.772313][T15684] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  993.772390][T12499] usb 4-1: USB disconnect, device number 13
[  993.780878][T15684] RBP: ffff888039b0f880 R08: 0000000000000000 R09: 0000000000000000
[  993.780952][T15684] R10: ffff88803930f898 R11: 0000000000000001 R12: 0000000000000000
[  993.781013][T15684] R13: 00000000abcd0100 R14: 0000000000000000 R15: 0000000000000000
[  993.781073][T15684] FS:  0000000000000000(0000) GS:ffff8881aa962000(0063) knlGS:00000000f509eb40
[  993.826383][T15684] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  993.834421][T15684] CR2: 000000002ef19ff8 CR3: 0000000042b18000 CR4: 00000000003526f0
[  993.842992][T15684] Call Trace:
[  993.846482][T15684]  <TASK>
[  993.849538][T15684]  kmsan_print_origin+0xb0/0x340
[  993.854835][T15684]  ? stack_trace_print+0xbd/0xf0
[  993.860009][T15684]  kmsan_report+0x1d3/0x320
[  993.864900][T15684]  ? __msan_warning+0x1b/0x30
[  993.869934][T15684]  ? hfsplus_delete_cat+0x1195/0x13d0
[  993.875862][T15684]  ? hfsplus_rmdir+0x13c/0x310
[  993.880799][T15684]  ? vfs_rmdir+0x5b6/0x800
[  993.885916][T15684]  ? do_rmdir+0x87b/0xf30
[  993.890441][T15684]  ? __ia32_sys_rmdir+0x70/0xa0
[  993.895816][T15684]  ? ia32_sys_call+0x31ce/0x42c0
[  993.901024][T15684]  ? __do_fast_syscall_32+0xb0/0x150
[  993.906813][T15684]  ? do_fast_syscall_32+0x38/0x80
[  993.912468][T15684]  ? do_SYSENTER_32+0x1f/0x30
[  993.917467][T15684]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  993.928123][T15684]  ? kmsan_get_metadata+0xfb/0x160
[  993.935522][T15684]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  993.941752][T15684]  ? hfsplus_bnode_dump+0x50a/0x560
[  993.947231][T15684]  ? kmsan_get_metadata+0xfb/0x160
[  993.952713][T15684]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  993.958832][T15684]  ? hfsplus_brec_remove+0x92f/0xa60
[  993.964927][T15684]  ? kmsan_get_metadata+0xfb/0x160
[  993.970245][T15684]  __msan_warning+0x1b/0x30
[  993.975110][T15684]  hfsplus_delete_cat+0x1195/0x13d0
[  993.980561][T15684]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  993.986788][T15684]  ? kmsan_get_metadata+0xfb/0x160
[  993.992575][T15684]  hfsplus_rmdir+0x13c/0x310
[  993.997556][T15684]  ? __pfx_hfsplus_rmdir+0x10/0x10
[  994.003391][T15684]  vfs_rmdir+0x5b6/0x800
[  994.009350][T15684]  do_rmdir+0x87b/0xf30
[  994.013934][T15684]  __ia32_sys_rmdir+0x70/0xa0
[  994.019016][T15684]  ia32_sys_call+0x31ce/0x42c0
[  994.028077][T15684]  __do_fast_syscall_32+0xb0/0x150
[  994.034579][T15684]  ? irqentry_exit_to_user_mode+0x82/0xa0
[  994.040751][T15684]  do_fast_syscall_32+0x38/0x80
[  994.046265][T15684]  do_SYSENTER_32+0x1f/0x30
[  994.051433][T15684]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  994.058234][T15684] RIP: 0023:0xf70ae539
[  994.062648][T15684] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  994.082987][T15684] RSP: 002b:00000000f509e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000028
[  994.092044][T15684] RAX: ffffffffffffffda RBX: 00000000800000c0 RCX: 0000000000000000
[  994.100220][T15684] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  994.108813][T15684] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  994.117556][T15684] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  994.129817][T15684] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  994.139371][T15684]  </TASK>
[  994.142678][T15684] ---[ end trace 0000000000000000 ]---
[  994.148252][T15684] 
[  994.150671][T15684] Uninit was stored to memory at:
[  994.156129][T15684]  hfsplus_create_cat+0x18fb/0x1910
[  994.161743][T15684]  hfsplus_fill_super+0x212e/0x2740
[  994.167175][T15684]  get_tree_bdev_flags+0x6e6/0x920
[  994.173185][T15684]  get_tree_bdev+0x38/0x50
[  994.178128][T15684]  hfsplus_get_tree+0x35/0x40
[  994.183230][T15684]  vfs_get_tree+0xb3/0x5c0
[  994.187839][T15684]  do_new_mount+0x738/0x1610
[  994.192927][T15684]  path_mount+0x6db/0x1e90
[  994.197547][T15684]  __se_sys_mount+0x6eb/0x7d0
[  994.202812][T15684]  __ia32_sys_mount+0xe2/0x150
[  994.208271][T15684]  ia32_sys_call+0x2733/0x42c0
[  994.213398][T15684]  __do_fast_syscall_32+0xb0/0x150
[  994.218907][T15684]  do_fast_syscall_32+0x38/0x80
[  994.224134][T15684]  do_SYSENTER_32+0x1f/0x30
[  994.232268][T15684]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  994.239995][T15684] 
[  994.242661][T15684] Uninit was created at:
[  994.247226][T15684]  __alloc_frozen_pages_noprof+0x689/0xf00
[  994.253504][T15684]  alloc_pages_mpol+0x328/0x860
[  994.258760][T15684]  alloc_frozen_pages_noprof+0xf7/0x200
[  994.264817][T15684]  allocate_slab+0x24d/0x1220
[  994.269780][T15684]  ___slab_alloc+0xfec/0x3480
[  994.274814][T15684]  kmem_cache_alloc_lru_noprof+0x922/0xed0
[  994.280923][T15684]  hfsplus_alloc_inode+0x5a/0xd0
[  994.286345][T15684]  alloc_inode+0x87/0x4a0
[  994.290938][T15684]  new_inode+0x39/0x460
[  994.295465][T15684]  hfsplus_new_inode+0x5e/0xb70
[  994.300571][T15684]  hfsplus_fill_super+0x2095/0x2740
[  994.306185][T15684]  get_tree_bdev_flags+0x6e6/0x920
[  994.311628][T15684]  get_tree_bdev+0x38/0x50
[  994.316319][T15684]  hfsplus_get_tree+0x35/0x40
[  994.321725][T15684]  vfs_get_tree+0xb3/0x5c0
[  994.326442][T15684]  do_new_mount+0x738/0x1610
[  994.334768][T15684]  path_mount+0x6db/0x1e90
[  994.339373][T15684]  __se_sys_mount+0x6eb/0x7d0
[  994.345421][T15684]  __ia32_sys_mount+0xe2/0x150
[  994.350455][T15684]  ia32_sys_call+0x2733/0x42c0
[  994.355649][T15684]  __do_fast_syscall_32+0xb0/0x150
[  994.360958][T15684]  do_fast_syscall_32+0x38/0x80
[  994.366284][T15684]  do_SYSENTER_32+0x1f/0x30
[  994.371061][T15684]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  994.378025][T15684] 
[  994.380526][T15684] CPU: 1 UID: 0 PID: 15684 Comm: syz.4.4156 Tainted: G        W           6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(none) 
[  994.394931][T15684] Tainted: [W]=WARN
[  994.399063][T15684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  994.409449][T15684] =====================================================
[  994.416789][T15684] Disabling lock debugging due to kernel taint
[  994.423205][T15684] Kernel panic - not syncing: kmsan.panic set ...
[  994.429772][T15684] CPU: 1 UID: 0 PID: 15684 Comm: syz.4.4156 Tainted: G    B   W           6.16.0-rc7-syzkaller-00018-g01a412d06bc5 #0 PREEMPT(none) 
[  994.444078][T15684] Tainted: [B]=BAD_PAGE, [W]=WARN
[  994.449202][T15684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  994.459583][T15684] Call Trace:
[  994.462972][T15684]  <TASK>
[  994.466002][T15684]  __dump_stack+0x26/0x30
[  994.470515][T15684]  dump_stack_lvl+0x53/0x270
[  994.475273][T15684]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  994.481259][T15684]  dump_stack+0x1e/0x25
[  994.485685][T15684]  panic+0x4bd/0xd50
[  994.489809][T15684]  kmsan_report+0x31c/0x320
[  994.494566][T15684]  ? __msan_warning+0x1b/0x30
[  994.499470][T15684]  ? hfsplus_delete_cat+0x1195/0x13d0
[  994.505056][T15684]  ? hfsplus_rmdir+0x13c/0x310
[  994.510218][T15684]  ? vfs_rmdir+0x5b6/0x800
[  994.514786][T15684]  ? do_rmdir+0x87b/0xf30
[  994.519285][T15684]  ? __ia32_sys_rmdir+0x70/0xa0
[  994.524293][T15684]  ? ia32_sys_call+0x31ce/0x42c0
[  994.529470][T15684]  ? __do_fast_syscall_32+0xb0/0x150
[  994.534957][T15684]  ? do_fast_syscall_32+0x38/0x80
[  994.540155][T15684]  ? do_SYSENTER_32+0x1f/0x30
[  994.545007][T15684]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  994.551806][T15684]  ? kmsan_get_metadata+0xfb/0x160
[  994.557089][T15684]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  994.563074][T15684]  ? hfsplus_bnode_dump+0x50a/0x560
[  994.568560][T15684]  ? kmsan_get_metadata+0xfb/0x160
[  994.574001][T15684]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  994.579980][T15684]  ? hfsplus_brec_remove+0x92f/0xa60
[  994.585462][T15684]  ? kmsan_get_metadata+0xfb/0x160
[  994.590769][T15684]  __msan_warning+0x1b/0x30
[  994.595554][T15684]  hfsplus_delete_cat+0x1195/0x13d0
[  994.600964][T15684]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  994.606947][T15684]  ? kmsan_get_metadata+0xfb/0x160
[  994.612447][T15684]  hfsplus_rmdir+0x13c/0x310
[  994.617222][T15684]  ? __pfx_hfsplus_rmdir+0x10/0x10
[  994.622481][T15684]  vfs_rmdir+0x5b6/0x800
[  994.626975][T15684]  do_rmdir+0x87b/0xf30
[  994.631292][T15684]  __ia32_sys_rmdir+0x70/0xa0
[  994.636146][T15684]  ia32_sys_call+0x31ce/0x42c0
[  994.641066][T15684]  __do_fast_syscall_32+0xb0/0x150
[  994.646392][T15684]  ? irqentry_exit_to_user_mode+0x82/0xa0
[  994.652295][T15684]  do_fast_syscall_32+0x38/0x80
[  994.657351][T15684]  do_SYSENTER_32+0x1f/0x30
[  994.662042][T15684]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  994.668696][T15684] RIP: 0023:0xf70ae539
[  994.672902][T15684] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  994.693013][T15684] RSP: 002b:00000000f509e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000028
[  994.701945][T15684] RAX: ffffffffffffffda RBX: 00000000800000c0 RCX: 0000000000000000
[  994.710068][T15684] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  994.718342][T15684] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  994.726612][T15684] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  994.734804][T15684] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  994.743079][T15684]  </TASK>
[  994.746634][T15684] Kernel Offset: disabled
[  994.751150][T15684] Rebooting in 86400 seconds..