last executing test programs:

7m23.910367776s ago: executing program 0 (id=536):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000000)={0x1c, r0, 0x5, 0x20000, 0x25dfdbfb, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x5}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0x100, 0x9, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0x8, r1}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r1}, 0x38)

7m23.201129402s ago: executing program 0 (id=539):
capset(&(0x7f0000000080)={0x20071026}, &(0x7f00000040c0)={0x200000, 0x200000, 0x1000, 0x200000})
r0 = syz_io_uring_setup(0x16d2, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x0, 0x1c2}, &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000180)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='/'], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_MKDIRAT={0x25, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0})
io_uring_enter(r0, 0x2d7e, 0x0, 0x0, 0x0, 0x0)

7m22.765303357s ago: executing program 2 (id=541):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=@framed={{}, [@tail_call={{}, {}, {0x85, 0x0, 0x0, 0x1b}}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x35, &(0x7f0000000000)=0x8000, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0xb, &(0x7f0000000040)=0x8, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x400000000000284, 0x2, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c)

7m22.129240786s ago: executing program 0 (id=543):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x8000000003c)
connect$inet6(r1, &(0x7f0000000140)={0xa, 0x3, 0x0, @remote, 0x5}, 0x1c)
sendmsg(r1, &(0x7f00000000c0)={0x0, 0x953c, &(0x7f0000000100)=[{&(0x7f0000000000)="2b10", 0xffbd}], 0x1, 0x0, 0x0, 0x2c}, 0x4)
unshare(0x20400)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x2, 0x80000000000, 0x1, 0xb886, 0xb5dd}, &(0x7f00000001c0)={0x1f, 0x0, 0x0, 0x0, 0xfffffffffffffff8, 0x9, 0xfffffffffffffffe, 0x7fffffff}, 0x0, 0x0, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)

7m21.876671294s ago: executing program 2 (id=546):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000ab4000000060a01040000000000000000020000280900010073797a30000000000900020073797a320000000088000480100001800c000100636f756e7465720014000180090001006d6173710000000004000280600001800a0001006c696d6974000000500002800c000140000000000000000808000440000000010c00014000000000000080010c00024000000000000000090800034000000fba0c00024000000000000000000c000140000000000000000714000000110001"], 0xdc}}, 0x0)
sendmsg$NFT_MSG_GETRULE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="14000000190a0102"], 0x14}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000740)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x30, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, '\b'}]}], {0x14, 0x11, 0x1, 0x4}}, 0xa4}, 0x1, 0x0, 0x0, 0x2004c899}, 0x0)
recvmmsg(r0, &(0x7f000000c2c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)

7m21.24008004s ago: executing program 0 (id=548):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)

7m20.988603842s ago: executing program 2 (id=550):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000180)={0x26, 'skcipher\x00', 0x0, 0x0, 'chacha20-generic\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20)
r1 = accept4$alg(r0, 0x0, 0x0, 0x0)
io_setup(0x42, &(0x7f0000000100)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000000580)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r1, &(0x7f0000000000)='e', 0x3f}])
sendmmsg$alg(r1, &(0x7f0000001300)=[{0x0, 0x0, &(0x7f0000000e80)=[{&(0x7f0000000780)="3504", 0x2}], 0x1}], 0x1, 0x0)

7m20.318186393s ago: executing program 0 (id=552):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000007c0)=@newtfilter={0x48, 0x2c, 0xd27, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, r3, {0x4, 0x10}, {}, {0xf, 0x6}}, [@filter_kind_options=@f_flower={{0xb}, {0x18, 0x2, [@TCA_FLOWER_KEY_CT_LABELS={0x14, 0x61, "94960200"}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

7m19.687519552s ago: executing program 0 (id=555):
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x40)
socket(0x2, 0x80805, 0x0)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000000c0), 0x10)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x448}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="050000000808"], 0x80}}, 0x0)
sendmmsg$inet(r0, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0)

7m18.172768949s ago: executing program 32 (id=555):
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x40)
socket(0x2, 0x80805, 0x0)
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
connect$can_bcm(r0, &(0x7f00000000c0), 0x10)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x448}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="050000000808"], 0x80}}, 0x0)
sendmmsg$inet(r0, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0)

7m18.115437817s ago: executing program 2 (id=559):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000100)='./file1\x00', 0xe, &(0x7f0000000140)={[{@max_batch_time={'max_batch_time', 0x3d, 0x31e4}}, {@resuid}, {@stripe={'stripe', 0x3d, 0x9}}]}, 0x4, 0x453, &(0x7f0000001b80)="$eJzs289vFFUcAPDv7HaLCNiK+IMfahWNxB8tBVQOHtRo4gETEz3osWkLQRZqaE2EEC0e8GSMiXfj0X/Bk16M8WTiVe+GhBgugKc1szuz3W13l23ZZVv280kG3pt50/e+O/N235u3G8DQmkj/SSJ2RsRfETFWyzYXmKj9d/P6pdlb1y/NJlGpvP9vUi134/qletH8vB3VzGh97/4W9S5euHhmplyeP5/lp5bOfjK1eOHiS6fPzpyaPzV/7sjx48eOTr/6ypGXexJn2qYb+z5fOLD3nY++fffE103x1+KY7UlFKyY6HXy2UulxdYO1qyGdjHQsutz3xtC1YkSkl6tU7f9jUYyVizcWb3850MYBfVWpVCo72h9ergD3sCSa87o8DIv8gz6d/+bb6kHA6/0bfgzctTdqE6A07pvZVjsyEoWsTGnV/LaXJiLiw+X/vk+36M9zCACAJj+n458XW43/CvFIQ7kHsrWh8Yh4MCJ2R8RDEbEnIh6OqJZ9NCIeW2f9qxdJ1o5/Clc3FFiX0vHfa9naVvP4Lx/9xXgxy+2qxl9KTp4uzx/OXpNDUdqW5qc71PHLW39+0+5Y4/gv3dL687Fg1o6rI9ua1+TmZpZm7jDsumuXI/aNtIo/qa8EpHXvjYh9G6zj9PM/Hmh37Pbxd9B5nakrlR8inqtd/+VYFX8u6bw+OXVflOcPT+V3xVq//3HlvXb131H8PZBe//tb3v/1+MeTxvXaxfXXceXvr9rOabq9/xul9/9o8kE1na8yfzaztHR+OmI0OVFrdOP+Iyvn5vm8fBr/oYOt+//uWHkl9kdEehM/HhFPRMSTWdufioinI+Jgh/h/e/OZjzcef3+l8c+t6/qvJEZj9Z7WieKZX39qqnR8Tfy3Ol//Y9XUoWxPN+9/3bRrY3czAAAAbD2FiNgZSWGyni4UJidr35ffE1EoLywuvXBy4dNzc7XfCIxHFPInXWMNz0Ons2l9LX85ImpfLciPH82eG39X3F7NT84ulOcGHTwMuR1t+n/qn+KgWwf0XQ/W0YAtSv+H4aX/w/DS/2F4tej/2wfRDuDua/X5/8UA2gHcZaU1eyz7wRAx/4fhpf/D8NL/YSgtbo/b/0i+YyL/Sxs8/Z5NRGlTNKNviShsimZs2kRpi/eLwb0nAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9NL/AQAA//+2Edzg")
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})

7m16.783117446s ago: executing program 2 (id=564):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r2}, 0x10)
setitimer(0x2, 0x0, 0x0)

7m15.647094176s ago: executing program 2 (id=567):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = epoll_create1(0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)={0xb0000004})
epoll_wait(r1, &(0x7f0000000280)=[{}], 0x1, 0x4000005)

7m13.345473784s ago: executing program 33 (id=567):
r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
r1 = epoll_create1(0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000140)={0xb0000004})
epoll_wait(r1, &(0x7f0000000280)=[{}], 0x1, 0x4000005)

2m53.806596829s ago: executing program 5 (id=1456):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0)
syz_emit_ethernet(0x11, &(0x7f0000000200)=ANY=[], 0x0)

2m52.978980142s ago: executing program 5 (id=1448):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r0 = creat(&(0x7f0000000440)='./file0\x00', 0x4a)
open_by_handle_at(r0, &(0x7f0000000140)=@OVL_FILEID_V1={0x17, 0x300fb, {'\x00', {0x0, 0xfb, 0x15, 0x7, 0x5, "e8371f2efe0868327a31a705ec978547"}}}, 0x30000)

2m52.117358471s ago: executing program 5 (id=1454):
sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha256)\x00'}, 0x58)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x42073, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x0)

2m50.807703901s ago: executing program 5 (id=1460):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x48c5, &(0x7f0000000400)={[{@shortname_winnt}, {@shortname_winnt}, {@rodir}, {@fat=@discard}, {@fat=@flush}, {@shortname_winnt}, {@numtail}, {@fat=@dmask={'dmask', 0x3d, 0x100}}, {@fat=@dos1xfloppy}, {@uni_xlate}, {@utf8no}, {@shortname_winnt}]}, 0x0, 0x274, &(0x7f0000000780)="$eJzs3MGLG1UYAPDPbNvdbmmzBxEUxIde9BLa9S8I0oK4oKyNqAdh6mY17JgsmbgSEdubV/+O4tGboP4De/HmXbwsguClBzHSJONm10BbaZzV/H4Q5su8+fLeTGbCNwN5R29/+dHebtHYzQZRW0tRi7gT9yI27kdTT0yXtXF8IWbdiZcu/fbjs2++8+5rza2t69sp3WjefHkzpXTluW8/+eyr578fXHrr6yvfrMbhxntHv27+dPjU4dNHf9wsP703SFm61esNslt5O+10ir1GSm/k7axop063aPdPtO/mvf39Ycq6O5fX9/vtokhZd5j22sM06KVBf5iyD7JONzUajXR5PZbNyiNntO5ub2fNhQyGKlyct7Lfb2Yrcxtbd/+NQQEAZ0tV9f+HnSJ1itR9UP1fC/X/4qj/l8H9+n99ev2epP4HAAAAAAAAAAAAAID/gnujUX00GtXLZflajYi1iCjfVz1OFsP3v9xm/ri3FpF/cdA6aE2Wk/bmbnQij3ZcPR/x+/h8mJrEN17dun41jW3Ed/ntaf7tg9ZKrJb5pY35+dcm+elk/vlYn+1/M+rx5Pz8zbn5F+LFF2byG1GPH96PXuSxMz6vj/M/v5bSK69vncq/ON4OAAAA/g8a6S9/u38ftzdSOW3IqfbJyuPnA1F/wPOBU/fX5+KZc9XtNwAAACyTYvjpXpbn7b7g0QKHbuFBLSIq6v2XiDgbB+GxBj9/PLnqH2bjqn+ZAACAx+246K96JAAAAAAAAAAAAAAAAAAAALC8HnbysHL7fzL32Ex3K9XsJQAAAAAAAAAAAAAAAAAAAAAAAJwNfwYAAP//xsMhSw==")
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000200)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
read$FUSE(r0, &(0x7f0000002140)={0x2020}, 0x2100)

2m49.913085394s ago: executing program 5 (id=1463):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000180)=0x7b, 0x4)
shutdown(r1, 0x0)
recvmmsg(r1, &(0x7f00000066c0), 0xa0d, 0x0, 0x0)

2m49.116595994s ago: executing program 5 (id=1477):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB="50000000100003040000000000000000f2000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100766c616e000000001800028006000100010000000c000200540a00001800000008000500", @ANYRES32=r2], 0x50}, 0x1, 0xba01}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x404c080)

2m45.494731791s ago: executing program 34 (id=1477):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)=ANY=[@ANYBLOB="50000000100003040000000000000000f2000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002800128009000100766c616e000000001800028006000100010000000c000200540a00001800000008000500", @ANYRES32=r2], 0x50}, 0x1, 0xba01}, 0x0)
r3 = socket(0x10, 0x3, 0x0)
sendmsg$kcm(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x404c080)

2m30.537753678s ago: executing program 1 (id=1523):
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access='])

2m29.57306801s ago: executing program 1 (id=1527):
r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r2=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f00000001c0)={r2, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r1, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0, <r4=>0x0], &(0x7f0000000040), 0x3, r3})
ioctl$DRM_IOCTL_MODE_GETPROPERTY(r0, 0xc04064aa, &(0x7f0000000100)={0x0, 0x0, r4})

2m28.946826295s ago: executing program 1 (id=1530):
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
lseek(0xffffffffffffffff, 0x1, 0x4)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000001c0)={0x0, 0x0}, 0x10)
mount$bind(&(0x7f0000000080)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x12109c, 0x0)
ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x5)
syz_emit_vhci(&(0x7f0000000f00)=ANY=[@ANYBLOB="040f0400010104"], 0x7)

2m27.613465261s ago: executing program 1 (id=1533):
syz_mount_image$nilfs2(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', 0x1014800, &(0x7f0000001580)=ANY=[@ANYRES16=0x0, @ANYRES32=0x0, @ANYRESDEC, @ANYRES8=0x0, @ANYRES8=0x0, @ANYRESDEC, @ANYRESOCT=0x0, @ANYRES64, @ANYRESDEC], 0x1, 0xda6, &(0x7f0000003c80)="$eJzs3ctvXFf9APBzx544r/7iNO4vJoTEJJSGR+wmtSg7XCksKqQKKX9BFdKS4pZHwqJVKiVZsCVS1T+AqmtY8MyiUtRVUDcg/oGqKzahqlQgQmqNbJ8zHn8zw51xbI/H8/lId87c+z33nnPmcefOfZ0EjKzGyuP8/HSV0tt33rrw4OT4v5ennGzlmFl5HM9jCymlZmu+lCbD8hYmVtPPPrl+qT39PKdVOp+qVLWmpxfut+Y9kFK6kWbS3TSZLn589PYrHzy/+N6Rm0cuvHnm3ta0HgAARsuD77370z8/9d3rh//zmxMLaaI1vWyfL+Txg3m7f6FaHc9J639A1ZZWbePFnpBvPA+NkG+sQ772cpoh33iX8veE5Ta75JuoKX+sbVqndsMwW/sfXzVm1403GrOzq//Jl304tqeafe3K4ktXB1RRYNN9ejLv4jMYDCM3LB0a9BoIYFU8bviQG3HPwqNpLW28t/LvP9foPD9sgu3+/Ct/uMp/96Y1Dptnt36aSrvK9+hgHo/HEcbDfP1+/8vy4vGIZo/17HYcYViOL3Sr59g212OjutU/fi52qy/ltLwOJ0K8/fsT39NheY+Bzh7Y/28wjOywNOgVELBjxfPmlrISj+f1xfhETXxvTXxfTXx/TfxATRxG2W+v/TLdrtb+58f/9P3uDyv72R7L6f/1WZ+4P7Lf8uN5v/161PLj+cSwo5351/FPf373L/H8/8/D+f+n82/pZF5BlP2Fcb9669z/cGFwo0u+x0N1HuuQf+X51Pp81dTaclLbeuahekyvn+9Qt3zH1+ebDPn2522RvaG+cftkf5ivbH+U9Wp5vcZDe5uhHXtCPco7czine0N7DndrV9iRvSfka+bhSGjXVGjXE2G+/w/tqqbXtyvuPy/1ORqmx+MkJV942x76XYrvRbwu41ROb+X0nZy+n9OPOpQ7isrnsdv5/+XzOZ2a1UtXFi8/ncfL5/TeWHNiefq5ba438Oh6vf5nOq2//udga3qz0b5eOLQ2vWpfL0yG6ee7TH8mj5ffsx+O7VuZPnvpx4s/2OzGw4i7+vobP3pxcfHyzzzxxBNPWk/+x0rj1zMXr23jOgrYGnPXXv3J3NXX3zh75dUXX7788uXXzj397W898+yz83MrW/Vz7dv2wO6y9qM/6JoAAAAAAAAAAAAAPav2dZ6c07r725brycv16fH6eIZDed/Kp6Hcx6Bc/9ntvi7l+s3D21BHNt92XE406DYCnf3D/X8NhpEdlpbcxR/YGQbd/1+572FJD5792+HloWS7/9z69WW8fyE8ip3e/5zyd1f/f63+r3pe/4UesyY3Vu7vHuz7a1ux6Viv5cf2l/vATvVX/u9z+aU1T6beyl/6VSg/3qi0R38I5e/vsfyH2n98Y+X/MZdfXrYzp3stf7XGVWN9PeJ+43IfwLjfuPhTaH+5t18/7T91a+Mdtd3J5cMoG5Z+Jvs1LP1/dlOWW9aDefXcOk5X7r8d+zvot/7lvt/ld+CJsPyq5vdN/5/Dra7/z/L5m9P/J+w6Hzr+ZzCM7LC0tDTQrk9Gtd+VnWLQr/+gtyEHXf6gX/86sf/P+H8p9v8Z47H/zxiP/X/GeOxfK8Zj/5/x9Yz9f8b40bDc2D/odE38CzXxYzXxL9bEj9fE4/+3GJ+piZ+oiZ+siT9eEz9VEz9dE/9KTfzJmvhTNfEzNfHd7ss5HdX2wyiL/Ub6/sPoKMd/un3/p2riwPCK/TrH7/dXa+LA8Crnefh+wwiqOt+xI+5vL/txb+X0nZy+n9OPtqyCbIev5fTrOf1GTr+Z07M5nc3pXE71DTncfvH3YyduV2vn+R0K8V7PJ43XA8T7xJzrsT7x+Fy/57Me7bGcrSp/g5eDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyNxsrj/Px0ldLbd9668M+p73x/ecrJVo6ZlcfxPLaQUmqmlKo8Ph6Wd2NiNf3sk+uXOqVVOr/yWMbTC/db8x5Ynj/NpLtpMl38+OjtVz54fvG9IzePXHjzzL2taT0AAACMhv8GAAD//5Cp5/o=")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file1\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})

2m25.753290944s ago: executing program 1 (id=1541):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0)
r0 = socket$inet(0x2, 0x3, 0x2)
r1 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc)
setsockopt$inet_msfilter(r1, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa00"], 0x1c)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x1000000}}}}}, 0x0)

2m24.435124033s ago: executing program 1 (id=1545):
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f0000000180)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0))
r1 = syz_open_pts(r0, 0x101000)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17)

2m21.329608492s ago: executing program 35 (id=1545):
bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
write$binfmt_aout(r0, &(0x7f0000000180)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0))
r1 = syz_open_pts(r0, 0x101000)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0x17)

1m2.273293549s ago: executing program 8 (id=1841):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x16, 0xf, &(0x7f00000003c0)=ANY=[@ANYBLOB="1808"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000100)=@bpf_ext={0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x41100, 0x26, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x1313b, r0, 0x0, 0x0, &(0x7f00000003c0), 0x10, 0x0, @void, @value}, 0x94)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x110e22fff6)
ioctl$TUNGETVNETLE(r1, 0x4010744d, &(0x7f0000000180))

1m1.149187002s ago: executing program 8 (id=1846):
r0 = creat(&(0x7f0000000400)='./bus\x00', 0x0)
r1 = open(&(0x7f0000000100)='./bus\x00', 0xe5000, 0x0)
write$binfmt_elf64(r0, &(0x7f00000002c0)=ANY=[], 0x76)
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000140)={0xbff, 0x80000000, 0x10000005})
lsetxattr$security_ima(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000000), &(0x7f0000000140)=ANY=[@ANYBLOB="04"], 0x2, 0x0)
dup3(r1, r0, 0x0)
finit_module(r1, 0x0, 0x100000000000000)

1m0.005440802s ago: executing program 8 (id=1850):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000080)=0x3, 0x4)
bind$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@can_newroute={0x14, 0x18, 0x1, 0x0, 0x200, {0x1d, 0x1, 0x8}}, 0x14}}, 0x0)
sendmsg$inet(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)='5', 0x1}], 0x1}, 0x4003)
recvmmsg(r0, &(0x7f00000005c0), 0x40000000000026c, 0x0, 0x0)

58.393528964s ago: executing program 8 (id=1855):
syz_mount_image$ext4(&(0x7f0000000880)='ext2\x00', &(0x7f0000000000)='./file2\x00', 0x21000e, &(0x7f0000000380), 0x1, 0x52e, &(0x7f0000000e00)="$eJzs3c1vHGcZAPBnxrvBaVzsAodSqR+iQUkF2Y1r2loc2iIQt0qgcg+WvbGsrLORd93GVoUc8QcgIQSVOHHigsSNCxLqn4CQKtE7AgRCkMKBAzBoZmdTZztrO+p+JPbvJ72777yzO8/zbryz73xkJoAz67mIeD0i5iLihYhYLNvTssRBv+Sv+/DuO+t5yZvf/HsSSdkWUVTvuVC+bb7/VKm7t39jrd1u7ZTTzd72rWZ3b//K1vbaZmuzdXNlZfnl1VdWX1q9OpZ+5v169Rt//vEPfv7NV3/z5bf/cO2vl7+XJ/31cv6gX+NTfHrxQfFYzz+Le2oRsTPeYDMzV/anPutEAAA4kXyU+pmI+EIx/l+MuWI0Vxge0s1PPzsAAABgHLLXFuI/SUQGAAAAnFqvRcRCJGmjPBdgIdK00eifw/u5eCxtd7q9L13v7N7cyOdFLEU9vb7Vbl0tz6ldinqSTy8X9Y+mXxyaXomIJyLiR4vni+nGeqe9MeudHwAAAHBGXBja/v/XYn/7HwAAADhllmadAAAAADBxo7b/kynnAQAAAEyO4/8AAABwqn3rjTfykg3uf73x1t7ujc5bVzZa3RuN7d31xnpn51Zjs9PZLK7Zt33UsuoR0e50bn0lYvd2s9fq9prdvf1r253dm71rW+4fCAAAALPyxLPvfZBExMFXzxcldy5/mBvxBucKwKmRPsiL/zS5PIDpG/UzfwLnxpkHMH21WScAzM7BrBMAZu2+S31UDAoOn7xz3z6D304uJwAAYLwufb76+H+tPJ//CPb/wyPu8La8YwFwtnyC4//AI85vPpxd9QcaAdyZYCbArBx3q4+RF++oOv5fuWcwy45dFgAAMFELRXk2bZTHAhciTRuNiMeL/+pfT65vtVtXI+LTEfH7xfqn8unl4p2J2wMCAAAAAAAAAAAAAAAAAAAAAAAAwAllWRIZAAAAcKpFpH9Jyvt/XVq8uDC8f+Bc8u/FKG/p9fZP3/zJ7bVeb2c5b//Hvfbeu2X7i7PYgwEAAABnUe3IuYPt9MF2PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACM04d331kflGnG/dvXImKpKn4t5ovn+ahHxGP/TKJ26H1JRMyNIf7BnYh4sip+kqcVS2UWw/HTiDg/nfhPZ1lWGf/CGOLDWfZevv55ver7l8ZzxXP1979Wlk/qvvXfuV8dmpPeW//NjVj/PX7CGE+9/8vmyPh3Ip6qVa9/BvGTEfGfr1pgxYfy3e/s73+ssb/wyH4Wcany9ye5L1azt32r2d3bv7K1vbbZ2mzdXFlZfnn1ldWXVq82r2+1W+VjZR9/+PSv/zfU9N+sr+h/jIi/dEz/L+aV+qHGbDhMGez923c/26/WhxZRxL/8fPXf35NHxM//Jr5Y/g7k8y8N6gf9+mHP/OJ3z1QmVsbfGNH/4/79L49a6JAXvv39P57wpQDAFHT39m+stdutnYlX3s2ybFqxTl6J9KQvLoaLU/3EplsZjO4mFmL+YenplCsXH440HqQyjj1bAADAw+ajQf+sMwEAAAAAAAAAAAAAAAAAAICzq7sX6aQvJzYc82A2XQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAONL/AwAA///zaNkr")
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00')
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
pivot_root(&(0x7f00000000c0)='./file0\x00', &(0x7f0000001480)='./file0/../file0/../file0/../file0\x00')

56.634891654s ago: executing program 8 (id=1862):
unshare(0x2040400)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000700)=ANY=[@ANYBLOB="9feb01001800000000000000180000001800000004000000020000000000000c02000000000000000000000d0000000000005f"], 0x0, 0x34, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r1 = memfd_secret(0x80000)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x13, r1, 0x0)
ftruncate(r1, 0x3)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000ed0759cb47cd90df41fa7a40c72a22dcc53a83731c39b01fceb7"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x1, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000180)={r2, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4f, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000001200)=[{}], 0x8, 0x0, 0x0, 0x0, 0x37, 0x0, 0x8, 0x0, 0x0}}, 0x10)

55.547253336s ago: executing program 8 (id=1867):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x0, 0x0, 0x40000000, 0x0, 0x3}, 0x8})
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)
close(0x3)

53.195205264s ago: executing program 36 (id=1867):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000380), 0x101040)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000300)={{0x0, 0x2}})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000600), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000003c0)={0x9c9, 0x0, 0x0, 'queue1\x00', 0x200000})
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000280)={0x0, 0x0, {0x0, 0x0, 0x40000000, 0x0, 0x3}, 0x8})
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)
close(0x3)

11.507716634s ago: executing program 4 (id=2007):
prctl$PR_SET_MM_MAP(0x23, 0xf, 0x0, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, &(0x7f0000000240)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="200084000000e9b71a"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

10.34750413s ago: executing program 9 (id=2012):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00'}, 0x10)
syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce6203c23c00fe80000000000000875a65969ff57b00000000000000000000000000ac1414aa2c"], 0xfdef)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1ff0, @void, @value}, 0x94)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48)

10.264430709s ago: executing program 4 (id=2013):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [], {0x14}}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0)
r0 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3, 0x1bd}, &(0x7f00000003c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='cgroup.events\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f00000001c0)=ANY=[@ANYBLOB='='], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_NOP={0x0, 0x2})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

9.893228653s ago: executing program 3 (id=2014):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket(0x1e, 0x1, 0x0)
connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r0, &(0x7f0000000080), 0x2000011a)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$TIPC_CMD_SET_NODE_ADDR(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r2, 0x201, 0x400000, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}}, 0x0)

9.475089119s ago: executing program 7 (id=2015):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000700)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x10, 0xb}, {}, {0x4, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_GENEVE={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x100c}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x22044028}, 0x40040)

9.442014492s ago: executing program 4 (id=2017):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f00000000c0)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x800, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f00000006c0)=@v1={0x0, @aes128, 0x0, @desc4})
chdir(&(0x7f00000002c0)='mnt/encrypted_dir\x00')
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x121c80, 0x47)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000280)=0x4000fdfd)

8.532597s ago: executing program 9 (id=2018):
r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000100), 0x2)
r1 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\xdenJ\xeb\x87\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38\x14\xcb\xfa\xb3j\x92\f\xe0\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf0\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x2)
ftruncate(r1, 0xffff)
fcntl$addseals(r1, 0x409, 0x7)
r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000140)={r1, 0x0, 0x0, 0x4000})
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x13, r2, 0x0)
syz_clone3(&(0x7f0000002a40)={0x24888100, 0x0, 0x0, 0x0, {0x1c}, 0x0, 0x0, 0x0, 0x0}, 0x58)

8.362618661s ago: executing program 6 (id=2019):
r0 = socket$inet_mptcp(0x2, 0x1, 0x106)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
close(0x3)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x4e20, 0xbe, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x5}]}, &(0x7f0000000140)=0x10)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x7a, &(0x7f0000000340)={r2, @in6={{0xa, 0x4e21, 0xfffffffc, @dev={0xfe, 0x80, '\x00', 0x37}, 0x4}}}, &(0x7f0000000100)=0x84)
connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)

8.308121922s ago: executing program 4 (id=2020):
getpid()
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'team_slave_0\x00', <r1=>0x0})
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x6, 0x4, &(0x7f00000006c0)=ANY=[@ANYBLOB="18020000000000000000000000000000850000001700000095"], &(0x7f00000005c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000300)={r2, r1, 0x25, 0x4, @void}, 0x10)
r3 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1}})

8.000422198s ago: executing program 3 (id=2021):
connect$unix(0xffffffffffffffff, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
munlockall()
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x8)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)

7.81475368s ago: executing program 7 (id=2022):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_LOG_BASE(r0, 0x4008af04, &(0x7f0000000180)=&(0x7f0000000080))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000009c0))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, 0x0})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

7.505639538s ago: executing program 6 (id=2023):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000280)={{0x12, 0x1, 0x0, 0xe3, 0xdd, 0xef, 0x20, 0x1d50, 0x60a1, 0xa14f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x9d, 0x14, 0x4e}}]}}]}}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000240)={0x1c, &(0x7f0000000000), 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000400)={0x34, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f00000005c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000840)={0x44, &(0x7f0000000580), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000180), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000540)={0x1c, &(0x7f00000002c0)={0x20, 0x12}, 0x0, 0x0, 0x0, 0x0, 0x0})

7.156972747s ago: executing program 9 (id=2024):
io_setup(0x405, &(0x7f0000000100)=<r0=>0x0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r1, 0x0)
r2 = epoll_create(0x8)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000006c0)={0x10000000})
io_submit(r0, 0x1, &(0x7f00000000c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
sendto$inet6(r1, 0x0, 0x0, 0x2004c8a0, 0x0, 0x0)

6.843331589s ago: executing program 7 (id=2025):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000200)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x50032, 0xffffffffffffffff, 0x0)
r1 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

6.558062288s ago: executing program 4 (id=2026):
r0 = landlock_create_ruleset(&(0x7f0000000080)={0x100, 0x0, 0x1}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
symlink(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/file0\x00', &(0x7f0000000e40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r2, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
renameat2(r1, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f0000002100)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2)

6.103968242s ago: executing program 6 (id=2027):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x400, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x3}}}]}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x804}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
unshare(0x2c000080)
syz_clone(0x142000, 0x0, 0x0, 0x0, 0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x4, 0x0)

6.007311257s ago: executing program 9 (id=2028):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x800040, &(0x7f0000000340), 0x1, 0x573, &(0x7f0000000ec0)="$eJzs3T1sG+UbAPDnzvG/X/mTIoEEqEMFSEWq6iT9gMLUrohKlTogsUDkuFEVJ47iBJooQ7pXiA4IUJeywcAIYmBALIysLCBmpIpGIDUdwMhfaZo4wSl1XHK/n3T2vfee/bzvnZ/XvtOdHEBmHa0/pBHPRsTFJGJoXd1AtCqPNtdbXVkq3ltZKiZRq136LYkkIu6uLBXb6yet50MRsRwRz0TEd/mI4+nmuNWFxcmxcrk02yoPz03NDFcXFk9cmRqbKE2Upk+98uqZs6fPjJ4cXf+ye7X1pfzO+nr95xvvX//h9Vs3Pv/iyHLxw7EkzsVgq259Px6l5jbJx7kNy0/3IlgfJf1uAA8l18rzeio9HUORa2V9J7WhXW0a0GO1fRE1IKMS+Q8Z1f4dUD/+bU+7+fvj9vnmAUg97mpratYMNM9NxP7GscnB35MHjkzqx5uHd7Oh7EnL1yJiZGBg8+c/aX3+Ht7Io2ggPfXt+eaO2rz/07XxJzqMP4Ptc6f/Unv8W900/t2Pn9ti/LvYZYw/3/rlky3jX4t4rmP8ZC1+0iF+GhHvdBn/5ptfn92qrvZpxLHoHL8t2f788PDlK+XSSPOxY4xvjh15bbv+H9wifvOc7f7G10yn7T/TZf+/+v7L55e3if/SC9vv/07b/0BEfNBl/CfvfvbGVnW3ryV36r8Cdrr/68tudRn/5XNHf+pyVQAAAAAAAAAAYAfSxrVsSVpYm0/TQqF5D+9TcTAtV6pzxy9X5qfHm9e8HY582r7SaqhZTurl0db1uO3yyQ3lU7lWwNyBRrlQrJTH+9x3AAAAAAAAAAAAAAAAAAAAeFwc2nD//x+5xv3/G/+uGtirtv7Lb2Cvk/+QXQ/mf9K3dgC7z/c/ZFZN/kN2yX/ILvkP2SX/IbvkP2SX/Ifskv8AAAAAAAAAAAAAAAAAAAAAAAAAANATFy9cqE+1eytLxXp5fGBhfrLy7onxUnWyMDVfLBQrszOFiUplolwqFCtT//R+SaUyMxLT81eH50rVueHqwuLbU5X56fZ/ipbyPe8RAAAAAAAAAAAAAAAAAAAA/PcMNqYkLURE2phP00Ih4v8RcTjyyeUr5dJIRDwRET/m8vvq5dF+NxoAAAAAAAAAAAAAAAAAAAD2mOrC4uRYuVyazcjMwE5WjojlR9uM+jvu+FX51r56XLahmSzM9HlgAgAAAAAAAAAAAAAAAACADLp/02+3r/irtw0CAAAAAAAAAAAAAAAAAACATEp/TSKiPh0benFwY+3/ktVc4zki3rt56aOrY3Nzs6P15XfWls993Fp+sh/tB7rVztN2HgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3VRcWJ8fK5dJsD2f63UcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAh/F3AAAA///pCdd8")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
stat(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
chown(&(0x7f0000000180)='./file1\x00', r1, 0x0)
open(0x0, 0x145142, 0x80)
ptrace$getregset(0x4204, 0x0, 0x202, &(0x7f0000000280)={&(0x7f0000000700)=""/143, 0x8f})
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628)

5.961952075s ago: executing program 7 (id=2029):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000180)={'syzkaller0\x00', 0x7101})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8943, &(0x7f0000000100)={'syzkaller0\x00'})
ppoll(&(0x7f0000000140)=[{r0, 0x30}], 0x1, 0x0, 0x0, 0x0)

5.827966156s ago: executing program 3 (id=2030):
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
sendmsg$key(0xffffffffffffffff, &(0x7f00005f5000)={0x1000000, 0x0, 0x0}, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2})
syz_clone3(&(0x7f0000000d80)={0xba0000, 0x0, 0x0, 0x0, {0x6}, 0x0, 0x0, 0x0, 0x0}, 0x58)
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00005c1000/0x2000)=nil, 0x400000, 0x3, 0x2})

5.470687205s ago: executing program 4 (id=2031):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x4, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast2, @in6=@private2, 0x0, 0x0, 0x4e21, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x100000000000}, {}, 0x0, 0x0, 0x1}, {{@in6=@mcast2, 0x0, 0x33}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0xb7, 0xfffffffe}}, 0xe8)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)

5.233061648s ago: executing program 6 (id=2032):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000006080)=@newtfilter={0x38, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r3, {0xc, 0x4}, {}, {0x5, 0xf}}, [@filter_kind_options=@f_route={{0xa}, {0x8, 0x2, [@TCA_ROUTE4_ACT={0x4}]}}]}, 0x38}}, 0x20040054)

4.272690429s ago: executing program 9 (id=2033):
r0 = syz_io_uring_setup(0xb7f, &(0x7f0000000180)={0x0, 0x38ab, 0x80, 0x0, 0x1e6}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000600)=<r2=>0x0)
io_uring_register$IORING_REGISTER_PBUF_RING(r0, 0x16, &(0x7f0000000040)={&(0x7f0000001000)={[{0x0, 0x0, 0x3, 0xf4}]}, 0x1, 0x1}, 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_DEL(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)={0x20, 0x3, 0x7, 0x301, 0x0, 0x0, {0x5, 0x0, 0xd}, [@NFACCT_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x10)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x10, r3, 0x0, 0x0, 0x0, 0x322, 0x1, {0x1}})
io_uring_enter(r0, 0x3516, 0x0, 0x0, 0x0, 0x0)

4.135947518s ago: executing program 3 (id=2034):
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
r1 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
fchdir(r2)

4.004712073s ago: executing program 7 (id=2035):
r0 = userfaultfd(0x80801)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x100})
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4})
madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000})

3.335787557s ago: executing program 6 (id=2036):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x9, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000100000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008400000b704000000000000850000000100000095"], 0x0, 0x2af, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='block_bio_remap\x00', r2}, 0x10)
quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0)

1.517384835s ago: executing program 3 (id=2037):
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
syz_mount_image$fuse(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x40000, &(0x7f0000000380)=ANY=[], 0x1, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0)
fcntl$setlease(r0, 0x400, 0x1)
read$FUSE(r0, &(0x7f0000003280)={0x2020}, 0x2020)

797.403098ms ago: executing program 9 (id=2038):
syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f00000004c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x800810, &(0x7f0000000640)=ANY=[], 0x1, 0x669, &(0x7f0000001000)="$eJzs3c1vHGcdB/DvrDd2Ni3BTZM2oEq1GgkQFolf5IK5EBBCPlSoKgfOVuI0VjZpsV3kVog6vF576B9QDr4gTkjcIxUOXODWG/KxEhKXXjCnRTs7a6/XL10njb1pP59o9nmeeWae+T2/2Zl9saIN8IW1MJn6gxRZmHxlvd3e2pxtbm3O3u3Wk4wl2UjqSWpJiv+2Wq0Pk+tJsTNM0Vfu8/7y/GsffbL1cadVr5Zy+9pR+/WpttvoW73RXTeRZKQqH8Ge8W488njFTuTXk1ypSjh1Z5K09vjZ35/e6enROGjvsycSI/B4FZ3XzX3Gk3PVhd5+H9B95a2dbHSDGxtwu/53EAAAAPCkGeQz8Je3s5314vwJhAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACfCxu7v/9fVEutW59I0f39/9FqXar6cHnxeJs/eFxxAAAAAAAAAMAJenE721nP+W67VZR/83+pbFwsH5/KW1nNUlZyNetZzFrWspLpJOM9A42uL66trUwPsOfMgXvOfEqgY1XZ+GzmDQAAAAAAAACfM7/Kwu7f/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYBgUyUinSHG/Z/V4avUkZ5OMtldsJP/s1p9kD047AAAAADgBY8l21nO+224VuZjkufI7gLN5K/eyluWspZml3Cy/F+h86q9tbc42tzZn77aX/eN+/z/HCqMcMZ3vHg4+8uVyi0ZuZblcczU38kaauZlauWfb5Sqe7qh9cd1vx1R8rzJgZDersj3z96pyn3ePNdnDHPPLlPEyI2d2MjJVxdbOxjPdM3PwGTrm2ek/0nRqO8Fe7DvS6N7JPFTOz1Vlez6/Oyznp6I/EzM9z77njs558vW//OmnU1V9eKY0mJGqbJWPjf2ZmO3JxPODZOJ2896d27dWJ5+0TOwzVWbi0k57IT/KTzKZibyalSzn51nMWpYykR+WtcXq5Bc9l/whmbq+p/Xqp0UyWj1DOyfreDG9VO57Psv5cd7IzSzl5fLfTKbz7cxlLvM9Z/jS0We4vOprh1z1rS8dGPyVb1SVRpLfV+VwaOf1mZ689t5zx8u+3jW7WbowQJaOeW+sf7WqtI/x66ocDv2ZmO7JxLNHZ+IP5W1ltXnvzsrtxTcHO9yF96pK+zr6bTIxPDeS9vPlQvtkla29z45237MH9k2XfRd3+mr7+i7t9HWu1I1Dr9TR6j3c/pFmyr7nD+ybLfsu9/Qd9H4LgKF37pvnRhv/bvyj8UHjN43bjVfO/mDsO2MvjObMX898tz418rXaC8Wf80F+ufv5HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeHirb79zZ7HZXFrpq7RarXcP6RqwUq+O8JC7P0IlE/96qn3kA7q6P2d2gvF85enk5OY+rJX/tVqtak1xyDZ//NvQJKpVGYrUnVLl9O5JwMm4tnb3zWurb7/zreW7i68vvb50b35ubn5qfu7l2Wu3lptLU53H044SeBx2X/RPOxIAAAAAAAAAAABgUCfx3wlOe44AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAk21hMvUHKTI9dXWq3d7anG22l259d8t6klqS4hdJ8WFyPZ0l4z3DFYcd5/3l+dc++mTr492x6t3ta0ftN5iNaslEkpFOef+zGu9GVR6pOGoKxc4M2wm70k0cnLb/BwAA//+o5gZ+")
unlinkat(0xffffffffffffff9c, &(0x7f0000000c40)='./file1\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x10)
linkat(r0, &(0x7f0000000180)='./file1\x00', r0, &(0x7f0000000640)='./bus\x00', 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0)
ftruncate(r1, 0xc17a)

347.677045ms ago: executing program 6 (id=2039):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0)
syz_open_dev$vcsu(&(0x7f00000000c0), 0x0, 0x440200)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
setsockopt$XDP_UMEM_REG(0xffffffffffffffff, 0x11b, 0x4, &(0x7f0000000080)={0x0, 0x304000, 0x800, 0x0, 0x3}, 0x20)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)

190.875853ms ago: executing program 3 (id=2040):
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000280)={0x0, 0x4, 0x6}, 0xe)
shutdown(r0, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f0000000040)=[@in6={0xa, 0x4e22, 0x8, @ipv4={'\x00', '\xff\xff', @local}, 0x8f36}]}, &(0x7f0000000240)=0x10)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f00000004c0)=0x27)
getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000100)={0x9, 0x8002, 0x845, 0xffffffff, r2}, &(0x7f0000000140)=0x10)

0s ago: executing program 7 (id=2041):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x48e80, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000003c0)={0x2, 0x0, @ioapic={0x0, 0xb5, 0x3, 0xeffffdff, 0x0, [{0x0, 0x80}, {0x19, 0x5, 0x0, '\x00', 0x10}, {0xfc, 0x4}, {0xfe, 0x0, 0x3, '\x00', 0x2}, {0x8, 0x0, 0x5, '\x00', 0x9}, {}, {0x0, 0x85, 0xbe}, {0x0, 0x6}, {0x0, 0x1, 0x0, '\x00', 0xff}, {0x8, 0x4, 0xfe, '\x00', 0x42}, {0x0, 0x2}, {0x0, 0x50}, {0x8b, 0x0, 0x4, '\x00', 0x3}, {0x1, 0x4e}, {0x2, 0x2, 0x4, '\x00', 0xfe}, {0x0, 0x5}, {0x1, 0x0, 0x4, '\x00', 0x4}, {0x0, 0x0, 0x0, '\x00', 0xdd}, {0x1, 0x3, 0x7, '\x00', 0x3}, {0x80, 0x0, 0xeb, '\x00', 0x5}, {0x5, 0xe5}, {0x0, 0x40, 0x0, '\x00', 0x70}, {0x1, 0x0, 0xfe, '\x00', 0xe}, {0x10, 0x83, 0xe}]}})

kernel console output (not intermixed with test programs):

lave_1: entered allmulticast mode
[  463.533057][ T7534] bridge_slave_1: entered promiscuous mode
[  463.871256][ T7534] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  463.934920][ T7534] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  464.228431][ T5801] Bluetooth: hci2: command tx timeout
[  464.704794][ T7534] team0: Port device team_slave_0 added
[  464.761395][ T7534] team0: Port device team_slave_1 added
[  465.027033][ T5801] Bluetooth: hci0: command tx timeout
[  465.050911][ T7584] batadv_slave_1: entered promiscuous mode
[  465.065304][ T7583] batadv_slave_1: left promiscuous mode
[  465.079293][ T7534] batman_adv: batadv0: Adding interface: batadv_slave_0
[  465.093839][ T7534] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  465.122911][ T7534] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  465.165119][ T7567] chnl_net:caif_netlink_parms(): no params data found
[  465.231594][ T7534] batman_adv: batadv0: Adding interface: batadv_slave_1
[  465.239495][ T7534] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  465.267000][ T7534] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  465.859497][ T7534] hsr_slave_0: entered promiscuous mode
[  465.871450][ T7534] hsr_slave_1: entered promiscuous mode
[  465.880999][ T7534] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  465.889170][ T7534] Cannot create hsr debugfs directory
[  466.307194][ T5801] Bluetooth: hci2: command tx timeout
[  466.847233][ T7603] tipc: Failed to remove unknown binding: 66,2,2/0:2521426068/2521426069
[  466.925692][ T7567] bridge0: port 1(bridge_slave_0) entered blocking state
[  466.940564][ T7567] bridge0: port 1(bridge_slave_0) entered disabled state
[  466.948963][ T7567] bridge_slave_0: entered allmulticast mode
[  466.959856][ T7567] bridge_slave_0: entered promiscuous mode
[  467.110341][ T7567] bridge0: port 2(bridge_slave_1) entered blocking state
[  467.118900][ T7567] bridge0: port 2(bridge_slave_1) entered disabled state
[  467.127129][ T7567] bridge_slave_1: entered allmulticast mode
[  467.143238][ T7567] bridge_slave_1: entered promiscuous mode
[  467.372982][ T7534] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  467.418436][ T7567] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  467.432694][ T7534] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  467.502192][ T7567] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  467.538155][ T7534] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  467.895363][ T7534] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  467.982336][ T7567] team0: Port device team_slave_0 added
[  468.104702][ T7567] team0: Port device team_slave_1 added
[  468.437070][ T5801] Bluetooth: hci2: command tx timeout
[  468.521601][ T7567] batman_adv: batadv0: Adding interface: batadv_slave_0
[  468.529145][ T7567] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  468.556353][ T7567] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  468.682430][ T7619] tipc: Failed to remove unknown binding: 66,1,1/0:148270652/148270654
[  468.691784][ T7619] tipc: Failed to remove unknown binding: 66,1,1/0:148270652/148270654
[  468.762187][ T7567] batman_adv: batadv0: Adding interface: batadv_slave_1
[  468.770723][ T7567] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  468.802107][ T7567] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  469.427556][ T7567] hsr_slave_0: entered promiscuous mode
[  469.438891][ T7567] hsr_slave_1: entered promiscuous mode
[  469.448374][ T7567] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  469.456812][ T7567] Cannot create hsr debugfs directory
[  469.869001][ T7534] 8021q: adding VLAN 0 to HW filter on device bond0
[  470.103526][ T7534] 8021q: adding VLAN 0 to HW filter on device team0
[  470.239459][ T3807] bridge0: port 1(bridge_slave_0) entered blocking state
[  470.247423][ T3807] bridge0: port 1(bridge_slave_0) entered forwarding state
[  470.469541][ T5801] Bluetooth: hci2: command tx timeout
[  470.549496][ T3807] bridge0: port 2(bridge_slave_1) entered blocking state
[  470.557490][ T3807] bridge0: port 2(bridge_slave_1) entered forwarding state
[  471.167509][ T7567] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  471.224697][ T7637] overlayfs: failed to clone upperpath
[  471.278518][ T7567] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  471.380151][ T7567] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  471.493710][ T7567] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  472.307919][ T7645] overlayfs: failed to clone upperpath
[  472.920388][ T7567] 8021q: adding VLAN 0 to HW filter on device bond0
[  473.065705][ T7567] 8021q: adding VLAN 0 to HW filter on device team0
[  473.172328][ T6632] bridge0: port 1(bridge_slave_0) entered blocking state
[  473.180116][ T6632] bridge0: port 1(bridge_slave_0) entered forwarding state
[  473.307488][ T3807] bridge0: port 2(bridge_slave_1) entered blocking state
[  473.315256][ T3807] bridge0: port 2(bridge_slave_1) entered forwarding state
[  473.431356][ T7534] 8021q: adding VLAN 0 to HW filter on device batadv0
[  475.468573][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  475.475341][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  475.495530][ T1286] lec:lec_start_xmit: lec0:No lecd attached
[  475.957482][ T7676] netdevsim netdevsim1 netdevsim0: entered promiscuous mode
[  476.075856][ T7567] 8021q: adding VLAN 0 to HW filter on device batadv0
[  476.741803][ T7534] veth0_vlan: entered promiscuous mode
[  476.885434][ T7534] veth1_vlan: entered promiscuous mode
[  477.360168][ T7534] veth0_macvtap: entered promiscuous mode
[  477.476555][ T7534] veth1_macvtap: entered promiscuous mode
[  477.717418][ T7534] batman_adv: batadv0: Interface activated: batadv_slave_0
[  477.815823][ T7534] batman_adv: batadv0: Interface activated: batadv_slave_1
[  477.895896][ T7534] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  477.905493][ T7534] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  477.917666][ T7534] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  477.927471][ T7534] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  479.696730][ T7567] veth0_vlan: entered promiscuous mode
[  479.815353][ T7567] veth1_vlan: entered promiscuous mode
[  480.241535][ T7567] veth0_macvtap: entered promiscuous mode
[  480.310508][ T7567] veth1_macvtap: entered promiscuous mode
[  480.506115][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms
[  480.514553][    C0] lec:lec_tx_timeout: lec0
[  480.540107][ T7567] batman_adv: batadv0: Interface activated: batadv_slave_0
[  480.681922][ T7567] batman_adv: batadv0: Interface activated: batadv_slave_1
[  480.796684][ T7567] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  480.806258][ T7567] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  480.815445][ T7567] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  480.824947][ T7567] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  489.674597][ T6647] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  489.683079][ T6647] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  489.806653][ T7838] loop4: detected capacity change from 0 to 2048
[  489.870943][ T7838] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  490.061507][ T4263] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  490.070142][ T4263] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  492.962997][ T3883] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  492.971303][ T3883] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  493.201650][ T6647] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  493.210952][ T6647] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  493.793469][ T7867] loop4: detected capacity change from 0 to 16
[  493.895162][ T7867] erofs (device loop4): mounted with root inode @ nid 36.
[  494.182101][ T7867] evm: overlay not supported
[  495.906674][   T30] kauditd_printk_skb: 66 callbacks suppressed
[  495.906767][   T30] audit: type=1326 audit(1750484389.552:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7883 comm="syz.1.647" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x7fc00000
[  496.055732][ T5852] libceph: connect (1)[c::]:6789 error -101
[  496.062844][ T5852] libceph: mon0 (1)[c::]:6789 connect error
[  496.282840][    C1] hrtimer: interrupt took 304079 ns
[  496.361088][ T5852] libceph: connect (1)[c::]:6789 error -101
[  496.367828][ T5852] libceph: mon0 (1)[c::]:6789 connect error
[  496.507154][   T30] audit: type=1326 audit(1750484390.152:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7883 comm="syz.1.647" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf703e539 code=0x7fc00000
[  496.812990][ T7892] ceph: No mds server is up or the cluster is laggy
[  496.888104][ T5852] libceph: connect (1)[c::]:6789 error -101
[  496.894753][ T5852] libceph: mon0 (1)[c::]:6789 connect error
[  497.659831][ T7907] netlink: 156 bytes leftover after parsing attributes in process `syz.6.654'.
[  502.734977][ T7940] loop6: detected capacity change from 0 to 512
[  502.958410][ T7942] capability: warning: `syz.4.668' uses 32-bit capabilities (legacy support in use)
[  503.002473][ T7940] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  503.072143][ T7940] System zones: 0-2, 18-18, 34-34
[  503.217004][ T7940] EXT4-fs error (device loop6): ext4_validate_block_bitmap:441: comm syz.6.667: bg 0: block 248: padding at end of block bitmap is not set
[  503.297472][ T7940] Quota error (device loop6): write_blk: dquota write failed
[  503.305814][ T7940] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota
[  503.317320][ T7940] EXT4-fs error (device loop6): ext4_acquire_dquot:6933: comm syz.6.667: Failed to acquire dquot type 1
[  503.428975][ T7940] EXT4-fs (loop6): 1 truncate cleaned up
[  503.438078][ T7940] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  503.451498][ T7940] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  503.939905][ T7953] vlan2: entered allmulticast mode
[  503.945374][ T7953] bridge_slave_0: entered allmulticast mode
[  504.237659][ T7956] nbd5: detected capacity change from 0 to 4294967296
[  504.259884][ T7567] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  504.277082][ T7955] block nbd5: shutting down sockets
[  504.315302][    C1] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  504.325173][    C1] Buffer I/O error on dev nbd5, logical block 0, async page read
[  504.333903][ T7840] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  504.344409][ T7840] Buffer I/O error on dev nbd5, logical block 0, async page read
[  504.353054][ T7840] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  504.362926][ T7840] Buffer I/O error on dev nbd5, logical block 0, async page read
[  504.371582][ T7840] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  504.381666][ T7840] Buffer I/O error on dev nbd5, logical block 0, async page read
[  504.390327][ T7840] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  504.399962][ T7840] Buffer I/O error on dev nbd5, logical block 0, async page read
[  504.417462][ T7840] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  504.429575][ T7840] Buffer I/O error on dev nbd5, logical block 0, async page read
[  504.438094][ T7840] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  504.447838][ T7840] Buffer I/O error on dev nbd5, logical block 0, async page read
[  504.456508][ T7840] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  504.465908][ T7840] Buffer I/O error on dev nbd5, logical block 0, async page read
[  504.474318][ T7840] ldm_validate_partition_table(): Disk read failed.
[  504.481645][ T7840] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  504.491450][ T7840] Buffer I/O error on dev nbd5, logical block 0, async page read
[  504.499938][ T7840] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  504.509608][ T7840] Buffer I/O error on dev nbd5, logical block 0, async page read
[  504.527485][ T7840] Dev nbd5: unable to read RDB block 0
[  504.534388][ T7840]  nbd5: unable to read partition table
[  504.560701][ T7840] ldm_validate_partition_table(): Disk read failed.
[  504.568813][ T7840] Dev nbd5: unable to read RDB block 0
[  504.575765][ T7840]  nbd5: unable to read partition table
[  504.659731][ T7958] netlink: 4 bytes leftover after parsing attributes in process `syz.3.674'.
[  504.869276][   T30] audit: type=1326 audit(1750484398.532:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7959 comm="syz.1.675" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf703e539 code=0x0
[  505.575171][ T7969] netlink: 'syz.3.679': attribute type 1 has an invalid length.
[  505.583604][ T7969] netlink: 'syz.3.679': attribute type 4 has an invalid length.
[  505.592124][ T7969] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.679'.
[  505.689014][ T7968] netdevsim netdevsim5 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  505.698647][ T7968] netdevsim netdevsim5 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  505.708123][ T7968] netdevsim netdevsim5 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  505.717873][ T7968] netdevsim netdevsim5 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  505.781810][ T7968] vxlan0: entered promiscuous mode
[  505.788960][ T7968] vxlan0: entered allmulticast mode
[  505.883020][ T7968] netdevsim netdevsim5 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  505.892846][ T7968] netdevsim netdevsim5 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  505.903404][ T7968] netdevsim netdevsim5 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  505.913235][ T7968] netdevsim netdevsim5 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  508.833915][ T8003] netlink: 'syz.1.691': attribute type 5 has an invalid length.
[  508.842408][ T8003] netlink: 4 bytes leftover after parsing attributes in process `syz.1.691'.
[  509.776669][ T5879] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  510.024127][ T5879] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  510.036591][ T5879] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  510.117604][ T5879] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  510.127591][ T5879] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  510.136542][ T5879] usb 6-1: Product: syz
[  510.140987][ T5879] usb 6-1: Manufacturer: syz
[  510.151776][ T5879] usb 6-1: SerialNumber: syz
[  510.511281][ T8011] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  511.161493][ T8011] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  511.430359][ T5879] cdc_mbim 6-1:1.0: MAC-Address: 42:42:42:42:42:42
[  511.437639][ T5879] cdc_mbim 6-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048
[  511.445711][ T5879] cdc_mbim 6-1:1.0: setting rx_max = 2048
[  511.639545][ T5879] cdc_mbim 6-1:1.0: setting tx_max = 184
[  511.698981][ T5879] cdc_mbim 6-1:1.0: cdc-wdm0: USB WDM device
[  511.749597][ T5879] wwan wwan0: port wwan0mbim0 attached
[  511.842119][ T5879] cdc_mbim 6-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.5-1, CDC MBIM, 42:42:42:42:42:42
[  512.018477][ T5879] usb 6-1: USB disconnect, device number 2
[  512.027269][ T5879] cdc_mbim 6-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.5-1, CDC MBIM
[  512.198443][ T5879] wwan wwan0: port wwan0mbim0 disconnected
[  512.290077][ T8032] netlink: 'syz.1.703': attribute type 2 has an invalid length.
[  512.305110][ T8032] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.703'.
[  512.317042][ T8032] nbd: must specify a device to reconfigure
[  513.499547][ T5879] kernel read not supported for file /input/event0 (pid: 5879 comm: kworker/1:5)
[  514.235580][ T8055] netlink: 28 bytes leftover after parsing attributes in process `syz.6.710'.
[  515.525006][ T8069] kernel read not supported for file /eth0 (pid: 8069 comm: syz.4.717)
[  515.557021][   T30] audit: type=1800 audit(1750484409.192:127): pid=8069 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.717" name="eth0" dev="mqueue" ino=14646 res=0 errno=0
[  516.473996][   T30] audit: type=1326 audit(1750484410.122:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8079 comm="syz.4.722" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x0
[  516.660458][ T8087] fuse: root generation should be zero
[  520.641322][ T8121] loop5: detected capacity change from 0 to 1024
[  520.773090][ T8121] EXT4-fs: Ignoring removed nobh option
[  520.779530][ T8121] EXT4-fs: Ignoring removed bh option
[  520.979057][ T8121] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  521.162035][ T8121] EXT4-fs error (device loop5): mb_free_blocks:1948: group 0, inode 15: block 129:freeing already freed block (bit 8); block bitmap corrupt.
[  522.150176][ T7534] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  524.840057][ T8165] netlink: 'syz.6.751': attribute type 1 has an invalid length.
[  526.846504][ T5852] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  527.063433][ T5852] usb 7-1: config 0 has no interfaces?
[  527.104251][ T5852] usb 7-1: New USB device found, idVendor=0af0, idProduct=7a25, bcdDevice= 0.00
[  527.114299][ T5852] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  527.122950][ T5852] usb 7-1: Product: syz
[  527.127784][ T5852] usb 7-1: Manufacturer: syz
[  527.132681][ T5852] usb 7-1: SerialNumber: syz
[  527.226994][ T5852] usb 7-1: config 0 descriptor??
[  528.024774][ T8194] syz.3.764 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  528.146526][ T5852] usb 7-1: USB disconnect, device number 2
[  528.466824][ T8199] syz_tun: entered allmulticast mode
[  528.959475][ T8198] syz_tun: left allmulticast mode
[  532.395357][ T8237] overlayfs: failed to clone upperpath
[  532.653763][ T8239] loop6: detected capacity change from 0 to 1024
[  532.868225][ T8239] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  533.066245][   T30] audit: type=1800 audit(1750484426.722:129): pid=8239 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.782" name="file1" dev="loop6" ino=15 res=0 errno=0
[  533.135334][ T8239] EXT4-fs error (device loop6): mb_free_blocks:1948: group 0, inode 15: block 433:freeing already freed block (bit 27); block bitmap corrupt.
[  533.867700][ T7567] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  536.905482][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  536.912689][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  536.930475][ T1286] lec:lec_start_xmit: lec0:No lecd attached
[  538.264615][    C0] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  540.078825][ T5852] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  540.296352][ T5852] usb 5-1: Using ep0 maxpacket: 16
[  540.316615][ T5852] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  540.328396][ T5852] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  540.338744][ T5852] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  540.358968][ T5852] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  540.366457][ T5879] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  540.370325][ T5852] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  540.480768][ T5852] usb 5-1: config 0 descriptor??
[  540.586924][ T5879] usb 6-1: Using ep0 maxpacket: 16
[  540.608541][ T5879] usb 6-1: config 1 has an invalid interface number: 105 but max is 0
[  540.617748][ T5879] usb 6-1: config 1 has no interface number 0
[  540.624268][ T5879] usb 6-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  540.635608][ T5879] usb 6-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  540.646294][ T5879] usb 6-1: config 1 interface 105 has no altsetting 0
[  540.961458][ T5879] usb 6-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  540.976927][ T5879] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  540.985278][ T5879] usb 6-1: Product: syz
[  540.991877][ T5879] usb 6-1: Manufacturer: syz
[  540.997249][ T5879] usb 6-1: SerialNumber: syz
[  541.214020][ T8314] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  541.249289][ T5852] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0004/input/input10
[  541.258957][ T8314] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  541.819920][ T8314] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  541.852115][ T8314] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22
[  541.863816][ T5852] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  542.042931][ T5852] usb 5-1: USB disconnect, device number 7
[  542.364703][ T5879] aqc111 6-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  542.450964][ T5879] aqc111 6-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  542.466189][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5530 ms
[  542.474603][    C0] lec:lec_tx_timeout: lec0
[  542.686688][ T5879] aqc111 6-1:1.105 eth5: register 'aqc111' at usb-dummy_hcd.5-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 20:fc:94:45:3a:41
[  542.872794][ T8326] bond2: entered promiscuous mode
[  542.878504][ T8326] bond2: entered allmulticast mode
[  542.886659][ T8326] 8021q: adding VLAN 0 to HW filter on device bond2
[  542.952293][ T8326] bond2 (unregistering): Released all slaves
[  543.051812][ T5879] usb 6-1: USB disconnect, device number 3
[  543.063574][ T5879] aqc111 6-1:1.105 eth5: unregister 'aqc111' usb-dummy_hcd.5-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  543.351671][ T8324] fido_id[8324]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  543.719094][ T5879] aqc111 6-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  543.737797][ T5879] aqc111 6-1:1.105 eth5 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  543.751238][ T5879] aqc111 6-1:1.105 eth5 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  544.778808][ T8342] netlink: 12 bytes leftover after parsing attributes in process `syz.3.822'.
[  545.543166][ T8347] loop6: detected capacity change from 0 to 128
[  545.590195][ T8347] vfat: Unknown parameter '����'
[  548.982899][ T8378] loop4: detected capacity change from 0 to 256
[  549.209838][ T8378] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  550.096712][ T8395] 9pnet_fd: Insufficient options for proto=fd
[  550.809911][ T8397] overlayfs: failed to clone upperpath
[  551.126727][   T30] audit: type=1800 audit(1750484444.762:130): pid=8399 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.845" name="file1" dev="overlay" ino=221 res=0 errno=0
[  551.566707][ T8404] overlayfs: failed to clone upperpath
[  552.534272][ T8415] bridge0: entered allmulticast mode
[  552.610784][ T8415] pim6reg: entered allmulticast mode
[  552.752908][ T8415] netlink: 4 bytes leftover after parsing attributes in process `syz.5.850'.
[  552.762637][ T8415] bridge_slave_1: left allmulticast mode
[  552.768807][ T8415] bridge_slave_1: left promiscuous mode
[  552.776202][ T8415] bridge0: port 2(bridge_slave_1) entered disabled state
[  552.870311][ T8418] netlink: 16 bytes leftover after parsing attributes in process `syz.1.852'.
[  552.905614][ T8415] bridge_slave_0: left allmulticast mode
[  552.912773][ T8415] bridge_slave_0: left promiscuous mode
[  552.920194][ T8415] bridge0: port 1(bridge_slave_0) entered disabled state
[  553.037876][ T8415] bridge0 (unregistering): left allmulticast mode
[  553.876210][ T8423] netem: incorrect ge model size
[  553.881631][ T8423] netem: change failed
[  554.287343][ T8428] sctp: [Deprecated]: syz.1.855 (pid 8428) Use of struct sctp_assoc_value in delayed_ack socket option.
[  554.287343][ T8428] Use struct sctp_sack_info instead
[  554.647902][ T8431] netlink: 'syz.5.856': attribute type 16 has an invalid length.
[  554.656366][ T8431] netlink: 'syz.5.856': attribute type 17 has an invalid length.
[  554.874619][ T8431] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  556.296744][ T5879] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  556.503486][ T5879] usb 6-1: Using ep0 maxpacket: 32
[  556.576408][ T5879] usb 6-1: config 0 has an invalid interface number: 67 but max is 0
[  556.585195][ T5879] usb 6-1: config 0 has no interface number 0
[  556.726713][ T5879] usb 6-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  556.743259][ T5879] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  556.753718][ T5879] usb 6-1: Product: syz
[  556.758526][ T5879] usb 6-1: Manufacturer: syz
[  556.763443][ T5879] usb 6-1: SerialNumber: syz
[  556.952590][ T5879] usb 6-1: config 0 descriptor??
[  557.030920][ T5879] smsc95xx v2.0.0
[  557.109190][ T8448] loop6: detected capacity change from 0 to 32768
[  557.199715][ T8448] (syz.6.862,8448,0):ocfs2_check_set_options:1259 ERROR: Group quotas were requested, but this filesystem does not have the feature enabled.
[  557.228729][ T8448] (syz.6.862,8448,0):ocfs2_fill_super:1177 ERROR: status = -22
[  557.547948][ T5879] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  557.568624][ T5879] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  557.780232][ T8458] loop4: detected capacity change from 0 to 512
[  558.361483][ T8466] overlayfs: failed to clone upperpath
[  558.413584][ T8458] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  558.428348][ T8458] ext4 filesystem being mounted at /172/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  558.442173][ T5879] smsc95xx 6-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  558.454633][ T5879] smsc95xx 6-1:0.67: probe with driver smsc95xx failed with error -71
[  558.585483][ T5879] usb 6-1: USB disconnect, device number 4
[  558.975359][ T8458] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.865: corrupted inode contents
[  559.067168][ T8458] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.865: mark_inode_dirty error
[  559.177727][ T8458] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.865: corrupted inode contents
[  559.242686][ T8458] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.865: mark_inode_dirty error
[  560.107559][ T8482] netlink: 20 bytes leftover after parsing attributes in process `syz.6.872'.
[  560.354004][ T8486] netlink: 20 bytes leftover after parsing attributes in process `syz.1.873'.
[  560.468198][ T5800] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  561.928434][ T8497] overlayfs: failed to clone upperpath
[  564.148531][ T8519] loop5: detected capacity change from 0 to 256
[  564.176278][ T8519] exfat: Invalid uid '0x00000000ffffffff'
[  565.893027][ T8539] block device autoloading is deprecated and will be removed.
[  566.623583][ T8545] kernel read not supported for file /z� (pid: 8545 comm: syz.5.897)
[  566.639785][   T30] audit: type=1800 audit(1750484460.292:131): pid=8545 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.897" name=7ABF17 dev="mqueue" ino=16457 res=0 errno=0
[  566.676955][ T8546] Invalid ELF header magic: != ELF
[  567.666869][ T2230] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  568.035277][ T8558] netlink: 4 bytes leftover after parsing attributes in process `syz.1.904'.
[  568.054441][ T2230] usb 5-1: unable to get BOS descriptor or descriptor too short
[  568.166507][ T2230] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  568.247259][ T2230] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  568.257183][ T2230] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  568.265586][ T2230] usb 5-1: Product: syz
[  568.271645][ T2230] usb 5-1: Manufacturer: syz
[  568.276971][ T2230] usb 5-1: SerialNumber: syz
[  568.328771][ T8563] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22)
[  568.948411][ T2230] usb 5-1: USB disconnect, device number 8
[  569.298587][ T8037] udevd[8037]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  572.910414][ T8607] netlink: 'syz.5.923': attribute type 1 has an invalid length.
[  573.027333][ T8607] 8021q: adding VLAN 0 to HW filter on device bond1
[  573.146398][   T30] audit: type=1800 audit(1750484466.802:132): pid=8612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.924" name="bus" dev="tmpfs" ino=1092 res=0 errno=0
[  573.215022][ T8611] bond1: (slave dummy0): making interface the new active one
[  573.241352][ T8611] bond1: (slave dummy0): Enslaving as an active interface with an up link
[  574.062520][ T8617] netlink: 'syz.6.925': attribute type 4 has an invalid length.
[  574.119737][ T8617] netlink: 'syz.6.925': attribute type 4 has an invalid length.
[  574.482031][ T8620] 9pnet: p9_errstr2errno: server reported unknown error �j���=��ƫ&B
[  576.102596][ T5879] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  576.284387][ T5879] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  576.306350][ T5879] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  576.418514][ T5879] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  576.428515][ T5879] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  576.437327][ T5879] usb 6-1: SerialNumber: syz
[  576.803531][ T5879] usb 6-1: 0:2 : does not exist
[  576.996515][ T5879] usb 6-1: USB disconnect, device number 5
[  577.344231][ T8037] udevd[8037]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  577.657734][ T8654] netlink: 4 bytes leftover after parsing attributes in process `syz.6.942'.
[  577.683894][ T8655] netlink: 'syz.4.941': attribute type 4 has an invalid length.
[  577.896156][ T8657] netlink: 'syz.4.941': attribute type 4 has an invalid length.
[  578.902024][ T8668] netlink: 'syz.6.945': attribute type 10 has an invalid length.
[  578.911588][ T8668] bridge0: port 2(bridge_slave_1) entered disabled state
[  578.922337][ T8668] bridge0: port 1(bridge_slave_0) entered disabled state
[  578.955138][ T8668] bridge0: port 2(bridge_slave_1) entered blocking state
[  578.963056][ T8668] bridge0: port 2(bridge_slave_1) entered forwarding state
[  578.972364][ T8668] bridge0: port 1(bridge_slave_0) entered blocking state
[  578.980261][ T8668] bridge0: port 1(bridge_slave_0) entered forwarding state
[  579.021946][ T8668] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  579.620121][ T8672] loop4: detected capacity change from 0 to 512
[  579.906855][ T5091] Bluetooth: hci0: command 0x0406 tx timeout
[  580.060758][ T8672] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  580.075228][ T8672] ext4 filesystem being mounted at /182/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  580.218867][ T8672] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.946: corrupted inode contents
[  580.327811][ T8672] EXT4-fs error (device loop4): ext4_dirty_inode:6459: inode #2: comm syz.4.946: mark_inode_dirty error
[  580.424862][ T8672] EXT4-fs error (device loop4): ext4_do_update_inode:5568: inode #2: comm syz.4.946: corrupted inode contents
[  580.567868][ T8672] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.946: mark_inode_dirty error
[  581.372947][ T5800] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  581.812253][ T8697] team0 (unregistering): Port device team_slave_0 removed
[  581.987466][ T8697] team0 (unregistering): Port device team_slave_1 removed
[  583.069836][ T8707] netlink: 'syz.5.956': attribute type 4 has an invalid length.
[  583.177340][ T8707] netlink: 'syz.5.956': attribute type 4 has an invalid length.
[  584.469021][ T8715] netlink: 12 bytes leftover after parsing attributes in process `syz.4.960'.
[  584.936977][ T8722] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  584.944501][ T8722] IPv6: NLM_F_CREATE should be set when creating new route
[  585.033287][ T5091] Bluetooth: hci2: command 0x0406 tx timeout
[  585.085723][ T8724] netlink: 4 bytes leftover after parsing attributes in process `syz.5.963'.
[  586.287570][ T8732] team0 (unregistering): Port device team_slave_0 removed
[  586.367411][ T8732] team0 (unregistering): Port device team_slave_1 removed
[  588.384880][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88805022b200: rx timeout, send abort
[  588.397774][    C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff88805022b200: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  589.832893][ T8760] gtp0: entered promiscuous mode
[  590.262404][ T8766] netlink: 4 bytes leftover after parsing attributes in process `syz.1.978'.
[  591.071486][ T8766] bridge_slave_1: left allmulticast mode
[  591.079468][ T8766] bridge_slave_1: left promiscuous mode
[  591.086866][ T8766] bridge0: port 2(bridge_slave_1) entered disabled state
[  591.202187][ T8766] bridge_slave_0: left allmulticast mode
[  591.209686][ T8766] bridge_slave_0: left promiscuous mode
[  591.217137][ T8766] bridge0: port 1(bridge_slave_0) entered disabled state
[  591.269210][ T8779] netlink: 44 bytes leftover after parsing attributes in process `syz.6.977'.
[  591.770507][ T8774] netlink: 4 bytes leftover after parsing attributes in process `syz.6.977'.
[  592.825489][ T8787] loop4: detected capacity change from 0 to 1024
[  593.197889][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!!
[  593.710663][    T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!!
[  594.486553][ T8805] 9pnet: p9_errstr2errno: server reported unknown error a�'��%6U�;qB&ð��)�{��y�l���Nl�6�w�_JXb_��Cɇ[
[  594.722122][ T8809] 8021q: adding VLAN 0 to HW filter on device bond2
[  596.870706][ T8825] loop5: detected capacity change from 0 to 4096
[  597.108093][ T8825] NILFS (loop5): invalid segment: Checksum error in segment payload
[  597.116910][ T8825] NILFS (loop5): trying rollback from an earlier position
[  597.317133][ T8825] NILFS (loop5): recovery complete
[  597.363073][ T8835] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  597.620831][ T8825] overlayfs: failed to create directory ./file0/work (errno: 1); mounting read-only
[  597.631346][ T8825] overlayfs: failed to get uuid (/file2, err=-95); falling back to uuid=null.
[  598.377807][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  598.384592][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  598.410785][ T1286] lec:lec_start_xmit: lec0:No lecd attached
[  599.281704][ T8843] sctp: [Deprecated]: syz.3.1006 (pid 8843) Use of struct sctp_assoc_value in delayed_ack socket option.
[  599.281704][ T8843] Use struct sctp_sack_info instead
[  601.374462][ T8865] loop4: detected capacity change from 0 to 64
[  603.430485][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5010 ms
[  603.439022][    C0] lec:lec_tx_timeout: lec0
[  603.548585][ T8893] loop5: detected capacity change from 0 to 512
[  603.607081][ T8893] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  603.681054][ T8893] EXT4-fs (loop5): 1 truncate cleaned up
[  603.689823][ T8893] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  603.760265][ T8893] syz.5.1024 (pid 8893) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  604.356511][ T7534] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  605.014606][ T8909] loop6: detected capacity change from 0 to 524287999
[  606.283178][ T8918] overlayfs: failed to clone upperpath
[  607.186901][   T30] audit: type=1326 audit(1750484500.822:133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8923 comm="syz.6.1037" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24539 code=0x7fc00000
[  607.209584][   T30] audit: type=1326 audit(1750484500.862:134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8923 comm="syz.6.1037" exe="/root/syz-executor" sig=0 arch=40000003 syscall=329 compat=1 ip=0xf7f24539 code=0x7fc00000
[  607.236933][   T30] audit: type=1326 audit(1750484500.872:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8923 comm="syz.6.1037" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24539 code=0x7fc00000
[  610.206748][ T5879] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  610.403167][ T5879] usb 5-1: Using ep0 maxpacket: 16
[  610.462993][ T5879] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  610.473109][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  610.482138][ T5879] usb 5-1: Product: syz
[  610.487063][ T5879] usb 5-1: Manufacturer: syz
[  610.491977][ T5879] usb 5-1: SerialNumber: syz
[  610.723680][ T5879] usb 5-1: config 0 descriptor??
[  611.039046][ T5879] usb 5-1: USB disconnect, device number 9
[  611.171955][ T7840] udevd[7840]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  612.078869][ T4198] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  612.310491][ T4198] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  612.530731][ T4198] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  612.783673][ T4198] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  613.327909][ T4198] bridge_slave_1: left allmulticast mode
[  613.333901][ T4198] bridge_slave_1: left promiscuous mode
[  613.341110][ T4198] bridge0: port 2(bridge_slave_1) entered disabled state
[  613.487467][ T4198] bridge_slave_0: left allmulticast mode
[  613.493543][ T4198] bridge_slave_0: left promiscuous mode
[  613.501196][ T4198] bridge0: port 1(bridge_slave_0) entered disabled state
[  613.540981][ T8989] input: syz1 as /devices/virtual/input/input11
[  614.511161][ T4198] bond1 (unregistering): (slave gretap1): Releasing active interface
[  614.907643][ T4198] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  614.954318][ T4198] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  614.998815][ T4198] bond0 (unregistering): Released all slaves
[  615.033656][ T4198] bond1 (unregistering): Released all slaves
[  615.484423][ T9005] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1068'.
[  615.544869][ T4198] tipc: Disabling bearer <udp:s>
[  615.551244][ T4198] tipc: Left network mode
[  615.658311][ T9005] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1068'.
[  616.299766][ T4198] hsr_slave_0: left promiscuous mode
[  616.367014][ T4198] hsr_slave_1: left promiscuous mode
[  616.375824][ T4198] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  616.384155][ T4198] batman_adv: batadv0: Removing interface: batadv_slave_0
[  616.479545][ T4198] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  616.487770][ T4198] batman_adv: batadv0: Removing interface: batadv_slave_1
[  616.629906][ T4198] veth1_macvtap: left promiscuous mode
[  616.636646][ T4198] veth0_macvtap: left promiscuous mode
[  616.648389][ T4198] veth1_vlan: left promiscuous mode
[  616.654110][ T4198] veth0_vlan: left promiscuous mode
[  618.011754][ T4198] team0 (unregistering): Port device team_slave_1 removed
[  618.135241][ T4198] team0 (unregistering): Port device team_slave_0 removed
[  619.381258][ T4198] IPVS: stop unused estimator thread 0...
[  620.713389][ T9048] loop4: detected capacity change from 0 to 4096
[  621.433052][ T9053] loop5: detected capacity change from 0 to 32768
[  621.457232][ T9053] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1086 (9053)
[  621.484342][ T9053] BTRFS info (device loop5): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  621.495305][ T9053] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm
[  621.505388][ T9053] BTRFS info (device loop5): disk space caching is enabled
[  621.513220][ T9053] BTRFS warning (device loop5): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  621.588130][ T9048] NILFS (loop4): invalid segment: Checksum error in segment payload
[  621.597261][ T9048] NILFS (loop4): trying rollback from an earlier position
[  621.802263][ T9048] NILFS (loop4): recovery complete
[  621.892383][ T9053] BTRFS info (device loop5): rebuilding free space tree
[  621.934173][ T9081] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  621.946891][ T9053] BTRFS info (device loop5): disabling free space tree
[  621.954347][ T9053] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  621.971060][ T9053] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  622.123037][ T9053] BTRFS info (device loop5): balance: start -susage=34359738372,drange=7..526336,limit=0..6
[  622.138757][ T9053] ------------[ cut here ]------------
[  622.144687][ T9053] BTRFS: Transaction aborted (error -28)
[  622.155597][ T9053] WARNING: CPU: 0 PID: 9053 at fs/btrfs/block-group.c:2781 btrfs_create_pending_block_groups+0x1497/0x2720
[  622.176551][ T9053] Modules linked in:
[  622.180871][ T9053] CPU: 0 UID: 0 PID: 9053 Comm: syz.5.1086 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(undef) 
[  622.193750][ T9053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  622.204535][ T9053] RIP: 0010:btrfs_create_pending_block_groups+0x1497/0x2720
[  622.212679][ T9053] Code: 44 89 a0 68 09 00 00 48 c7 80 80 0c 00 00 00 00 00 00 45 85 ed 0f 85 6d 11 00 00 48 c7 c7 89 89 ff 91 89 de e8 4a d0 c7 fb 90 <0f> 0b 90 90 e9 2c ff ff ff 8b 7d d4 e8 f8 ce 3e fd 48 8b 45 b8 e9
[  622.233127][ T9053] RSP: 0018:ffff8881329ef468 EFLAGS: 00010287
[  622.239848][ T9053] RAX: ffffffff81207e15 RBX: 00000000ffffffe4 RCX: 0000000000080000
[  622.248421][ T9053] RDX: ffffc90016527000 RSI: 0000000000004d58 RDI: 0000000000004d59
[  622.256845][ T9053] RBP: ffff8881329ef618 R08: ffffea000000000f R09: 0000000000000000
[  622.263650][ T9048] overlayfs: upper fs does not support tmpfile.
[  622.265138][ T9053] R10: ffff888237b8c028 R11: ffff88823f274400 R12: 0000000000000000
[  622.265252][ T9053] R13: 0000000000000000 R14: 0000000000000001 R15: 0000000000000000
[  622.265349][ T9053] FS:  0000000000000000(0000) GS:ffff8881aa87f000(0063) knlGS:00000000f5076b40
[  622.306923][ T9053] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  622.313946][ T9053] CR2: 000000000c366f1e CR3: 0000000119de0000 CR4: 00000000003526f0
[  622.322488][ T9053] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  622.330976][ T9053] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  622.339377][ T9053] Call Trace:
[  622.342903][ T9053]  <TASK>
[  622.346429][ T9053]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  622.353025][ T9053]  ? btrfs_chunk_alloc_add_chunk_item+0x1583/0x18e0
[  622.360259][ T9053]  ? kmsan_get_shadow_origin_ptr+0x10/0xb0
[  622.366742][ T9053]  ? btrfs_trans_release_metadata+0x2e6/0xaa0
[  622.379760][ T9053]  __btrfs_end_transaction+0x1a1/0xb40
[  622.385670][ T9053]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  622.394808][ T9053]  btrfs_end_transaction+0x30/0x40
[  622.400552][ T9053]  btrfs_inc_block_group_ro+0xf96/0x10e0
[  622.407076][ T9053]  btrfs_relocate_block_group+0x589/0x1b30
[  622.413323][ T9053]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  622.419819][ T9053]  btrfs_relocate_chunk+0xe0/0x660
[  622.425449][ T9053]  ? kmsan_get_metadata+0xfb/0x160
[  622.431130][ T9053]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  622.437511][ T9053]  __btrfs_balance+0x3507/0x3a00
[  622.443004][ T9053]  btrfs_balance+0x14fa/0x1e50
[  622.448519][ T9053]  btrfs_ioctl_balance+0x79d/0xdd0
[  622.454053][ T9053]  btrfs_ioctl+0xe6a/0x1340
[  622.459398][ T9048] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  622.459522][ T9048] overlayfs: failed to set xattr on upper
[  622.466949][ T9053]  btrfs_compat_ioctl+0x69/0x80
[  622.472906][ T9048] overlayfs: ...falling back to redirect_dir=nofollow.
[  622.484030][ T9053]  ? __pfx_btrfs_compat_ioctl+0x10/0x10
[  622.484263][ T9053]  __ia32_compat_sys_ioctl+0x7f9/0x1270
[  622.484501][ T9053]  ? kmsan_get_metadata+0xfb/0x160
[  622.492941][ T9048] overlayfs: ...falling back to index=off.
[  622.493005][ T9048] overlayfs: ...falling back to uuid=null.
[  622.523398][ T9053]  ? kmsan_get_metadata+0xfb/0x160
[  622.529358][ T9053]  ia32_sys_call+0x2d07/0x42c0
[  622.534532][ T9053]  __do_fast_syscall_32+0xb0/0x150
[  622.540176][ T9053]  ? irqentry_exit_to_user_mode+0x82/0xa0
[  622.546768][ T9053]  do_fast_syscall_32+0x38/0x80
[  622.552022][ T9053]  do_SYSENTER_32+0x1f/0x30
[  622.557025][ T9053]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  622.565443][ T9053] RIP: 0023:0xf7f54539
[  622.570243][ T9053] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  622.597665][ T9053] RSP: 002b:00000000f507655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036
[  622.609003][ T9053] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c4009420
[  622.617755][ T9053] RDX: 0000000080000440 RSI: 0000000000000000 RDI: 0000000000000000
[  622.626230][ T9053] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  622.634532][ T9053] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  622.643495][ T9053] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  622.652456][ T9053]  </TASK>
[  622.655821][ T9053] ---[ end trace 0000000000000000 ]---
[  622.661698][ T9053] BTRFS info (device loop5 state A): dumping space info:
[  622.669212][ T9053] BTRFS info (device loop5 state A): space_info DATA+METADATA (sub-group id 0) has 2240512 free, is full
[  622.686930][ T9053] BTRFS info (device loop5 state A): space_info total=3276800, used=49152, pinned=0, reserved=0, may_use=987136, readonly=0 zone_unusable=0
[  622.704091][ T9053] BTRFS info (device loop5 state A): space_info SYSTEM (sub-group id 0) has 8253440 free, is not full
[  622.715812][ T9053] BTRFS info (device loop5 state A): space_info total=12451840, used=4096, pinned=0, reserved=4096, may_use=0, readonly=4190208 zone_unusable=0
[  622.731755][ T9053] BTRFS info (device loop5 state A): global_block_rsv: size 983040 reserved 983040
[  622.741657][ T9053] BTRFS info (device loop5 state A): trans_block_rsv: size 0 reserved 0
[  622.750949][ T9053] BTRFS info (device loop5 state A): chunk_block_rsv: size 0 reserved 0
[  622.760053][ T9053] BTRFS info (device loop5 state A): delayed_block_rsv: size 0 reserved 0
[  622.769198][ T9053] BTRFS info (device loop5 state A): delayed_refs_rsv: size 196608 reserved 4096
[  622.778904][ T9053] BTRFS: error (device loop5 state A) in btrfs_create_pending_block_groups:2781: errno=-28 No space left
[  622.796530][ T9053] BTRFS info (device loop5 state EA): forced readonly
[  622.804002][ T9053] BTRFS: error (device loop5 state EA) in btrfs_create_pending_block_groups:2793: errno=-28 No space left
[  622.818491][ T9053] BTRFS info (device loop5 state EA): balance: ended with status: -30
[  622.963479][ T7534] BTRFS info (device loop5 state EA): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  626.320195][ T9119] vxcan1: entered allmulticast mode
[  628.937183][ T2230] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  629.127845][ T2230] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  629.144207][ T2230] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  629.156678][ T2230] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  629.166303][ T2230] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  629.272459][ T9147] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  629.316872][ T2230] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  629.703408][ T2230] usb 5-1: USB disconnect, device number 10
[  631.319679][ T9169] fuse: Bad value for 'fd'
[  631.344839][ T9169] fuse: Bad value for 'fd'
[  632.187627][ T5855] IPVS: starting estimator thread 0...
[  632.426762][ T9179] IPVS: using max 144 ests per chain, 7200 per kthread
[  633.576533][ T5855] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  633.796662][ T5855] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  633.808606][ T5855] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  633.819204][ T5855] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  633.829019][ T5855] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  633.991378][ T9190] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  634.099349][ T5855] usb 6-1: Quirk or no altset; falling back to MIDI 1.0
[  634.112065][ T9197] loop4: detected capacity change from 0 to 512
[  634.598757][ T5855] usb 6-1: USB disconnect, device number 6
[  635.334678][ T9197] EXT4-fs (loop4): Test dummy encryption mode enabled
[  635.342892][ T9197] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  635.508381][ T9197] EXT4-fs error (device loop4): ext4_orphan_get:1419: comm syz.4.1136: bad orphan inode 131083
[  635.569723][ T9197] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  635.883711][ T9216] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1142'.
[  636.496508][ T9197] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  636.991827][ T5800] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  638.447667][ T9241] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1151'.
[  640.311596][ T5855] IPVS: starting estimator thread 0...
[  640.426721][ T9259] IPVS: using max 192 ests per chain, 9600 per kthread
[  641.790259][ T9271] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap2
[  641.812460][ T9271] batman_adv: batadv0: Adding interface: ip6gretap2
[  641.819649][ T9271] batman_adv: batadv0: The MTU of interface ip6gretap2 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  641.854948][ T9271] batman_adv: batadv0: Interface activated: ip6gretap2
[  643.036255][ T2230] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  643.281012][ T2230] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  643.289699][ T9288] overlayfs: failed to clone upperpath
[  643.290143][ T2230] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  643.306622][ T2230] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  643.316125][ T2230] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  643.328097][ T2230] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 101, setting to 64
[  643.398204][ T2230] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  643.407996][ T2230] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  643.416623][ T2230] usb 5-1: Product: syz
[  643.421086][ T2230] usb 5-1: Manufacturer: syz
[  643.498442][ T9285] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  643.578240][ T2230] cdc_wdm 5-1:1.0: skipping garbage
[  643.583812][ T2230] cdc_wdm 5-1:1.0: skipping garbage
[  643.650625][ T2230] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  643.657133][ T2230] cdc_wdm 5-1:1.0: Unknown control protocol
[  643.919684][ T2230] usb 5-1: USB disconnect, device number 11
[  644.487429][ T2230] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  644.723926][ T2230] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  644.733073][ T2230] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  644.743872][ T2230] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  644.753641][ T2230] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  644.860738][ T2230] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  644.871205][ T2230] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  644.879882][ T2230] usb 5-1: Product: syz
[  644.884464][ T2230] usb 5-1: Manufacturer: syz
[  644.980640][ T2230] cdc_wdm 5-1:1.0: skipping garbage
[  644.986647][ T2230] cdc_wdm 5-1:1.0: skipping garbage
[  645.045792][ T2230] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  645.052449][ T2230] cdc_wdm 5-1:1.0: Unknown control protocol
[  645.741711][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  645.748875][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  645.756470][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  645.763494][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  645.775294][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  645.782258][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  645.796705][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  645.803670][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  645.816419][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  645.823463][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  645.841907][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  645.849096][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  645.868212][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  645.875174][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  645.882660][ T2230] usb 5-1: USB disconnect, device number 12
[  645.889103][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  645.889236][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  645.889348][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  646.366957][ T9313] loop5: detected capacity change from 0 to 512
[  646.466830][ T9313] EXT4-fs (loop5): Test dummy encryption mode enabled
[  646.474172][ T9313] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  646.607047][ T9313] EXT4-fs (loop5): 1 truncate cleaned up
[  646.615438][ T9313] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  647.296658][ T7534] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  647.523301][ T9323] IPv4: Oversized IP packet from 127.202.26.0
[  650.522552][ T9353] vcan0: tx drop: invalid sa for name 0x0000000000000001
[  650.541245][ T5801] Bluetooth: hci2: unexpected cc 0x042d length: 63 > 7
[  650.551226][ T5801] Bluetooth: hci2: unexpected event for opcode 0x042d
[  651.822337][ T9366] 9pnet: p9_errstr2errno: server reported unknown error 18446744
[  652.232574][ T9372] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1205'.
[  653.102038][ T9383] netlink: 'syz.6.1207': attribute type 5 has an invalid length.
[  653.110470][ T9383] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1207'.
[  654.628496][ T5801] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  654.644008][ T5801] Bluetooth: hci2: Injecting HCI hardware error event
[  654.653673][ T5091] Bluetooth: hci2: hardware error 0x00
[  655.936425][ T2230] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  656.098890][ T9411] netlink: 'syz.6.1219': attribute type 2 has an invalid length.
[  656.107248][ T9411] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.1219'.
[  656.117370][ T9411] nbd: must specify a device to reconfigure
[  656.200567][ T2230] usb 5-1: config 150 has an invalid interface number: 204 but max is 1
[  656.209737][ T2230] usb 5-1: config 150 has no interface number 0
[  656.216575][ T2230] usb 5-1: config 150 interface 204 has no altsetting 0
[  656.223895][ T2230] usb 5-1: config 150 interface 1 has no altsetting 0
[  656.312990][ T2230] usb 5-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb
[  656.324830][ T2230] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  656.333467][ T2230] usb 5-1: Product: syz
[  656.338149][ T2230] usb 5-1: Manufacturer: syz
[  656.343057][ T2230] usb 5-1: SerialNumber: syz
[  656.437721][ T9414] vlan2: entered allmulticast mode
[  656.443282][ T9414] bridge_slave_0: entered allmulticast mode
[  656.707616][ T5091] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  656.757892][ T2230] xr_serial 5-1:150.204: xr_serial converter detected
[  657.652983][ T2230] usb 5-1: xr_serial converter now attached to ttyUSB0
[  657.740039][ T9425] loop5: detected capacity change from 0 to 16
[  657.799869][ T9425] erofs (device loop5): mounted with root inode @ nid 36.
[  657.946712][ T5855] usb 5-1: USB disconnect, device number 13
[  658.020905][ T5855] xr_serial ttyUSB0: xr_serial converter now disconnected from ttyUSB0
[  658.035652][ T5855] xr_serial 5-1:150.204: device disconnected
[  659.784317][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  659.791351][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  659.809357][ T1286] lec:lec_start_xmit: lec0:No lecd attached
[  660.914625][ T9452] IPv4: Oversized IP packet from 127.202.26.0
[  661.980055][ T2230] usb 6-1: new full-speed USB device number 7 using dummy_hcd
[  662.239585][ T2230] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  662.248982][ T2230] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  662.259753][ T2230] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  662.269294][ T2230] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  662.280945][ T2230] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 101, setting to 64
[  662.410825][ T2230] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  662.427875][ T2230] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  662.436806][ T2230] usb 6-1: Product: syz
[  662.441266][ T2230] usb 6-1: Manufacturer: syz
[  662.473832][ T9461] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  662.510690][ T2230] cdc_wdm 6-1:1.0: skipping garbage
[  662.523381][ T2230] cdc_wdm 6-1:1.0: skipping garbage
[  662.578468][ T2230] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  662.585148][ T2230] cdc_wdm 6-1:1.0: Unknown control protocol
[  662.643880][ T9465] overlayfs: failed to resolve './file0': -2
[  662.813581][ T2230] usb 6-1: USB disconnect, device number 7
[  663.270288][ T9467] vcan0: tx drop: invalid sa for name 0x0000000000000001
[  663.487031][ T2230] usb 6-1: new high-speed USB device number 8 using dummy_hcd
[  663.685113][ T2230] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  663.694825][ T2230] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  663.705557][ T2230] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  663.715199][ T2230] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  663.757540][ T2230] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  663.767550][ T2230] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  663.776339][ T2230] usb 6-1: Product: syz
[  663.780890][ T2230] usb 6-1: Manufacturer: syz
[  663.871512][ T2230] cdc_wdm 6-1:1.0: skipping garbage
[  663.877391][ T2230] cdc_wdm 6-1:1.0: skipping garbage
[  663.928855][ T2230] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  663.935137][ T2230] cdc_wdm 6-1:1.0: Unknown control protocol
[  664.682342][    C1] cdc_wdm 6-1:1.0: nonzero urb status received: -71
[  664.689326][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes
[  664.689349][ T2230] usb 6-1: USB disconnect, device number 8
[  664.701681][    C1] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  665.426070][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5620 ms
[  665.434468][    C0] lec:lec_tx_timeout: lec0
[  666.039525][ T9492] kernel read not supported for file /eth0 (pid: 9492 comm: syz.5.1251)
[  666.060362][   T30] audit: type=1800 audit(1750484815.710:136): pid=9492 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1251" name="eth0" dev="mqueue" ino=19407 res=0 errno=0
[  673.301971][ T9568] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1279'.
[  675.838119][   T30] audit: type=1326 audit(1750484825.480:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9589 comm="syz.4.1290" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x0
[  677.445423][ T9605] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  678.931762][ T9618] syz_tun: entered allmulticast mode
[  679.378640][ T9613] syz_tun: left allmulticast mode
[  679.390597][ T5855] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  679.579656][ T5855] usb 6-1: config 0 has no interfaces?
[  679.648073][ T5855] usb 6-1: New USB device found, idVendor=0af0, idProduct=7a25, bcdDevice= 0.00
[  679.657941][ T5855] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  679.666841][ T5855] usb 6-1: Product: syz
[  679.671405][ T5855] usb 6-1: Manufacturer: syz
[  679.676651][ T5855] usb 6-1: SerialNumber: syz
[  679.772574][ T5855] usb 6-1: config 0 descriptor??
[  680.778170][    T9] usb 6-1: USB disconnect, device number 9
[  681.540636][    C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  685.396582][    T9] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  685.680492][    T9] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  685.690441][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  685.699118][    T9] usb 5-1: Product: syz
[  685.703579][    T9] usb 5-1: Manufacturer: syz
[  685.708623][    T9] usb 5-1: SerialNumber: syz
[  685.829178][    T9] usb 5-1: config 0 descriptor??
[  686.137093][    T9] usb 5-1: Firmware version (0.0) predates our first public release.
[  686.145555][    T9] usb 5-1: Please update to version 0.2 or newer
[  686.346392][    T9] usb 5-1: USB disconnect, device number 14
[  688.347694][ T9698] syz_tun: entered allmulticast mode
[  688.586834][ T5855] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  688.747829][ T9696] syz_tun: left allmulticast mode
[  688.811476][ T5855] usb 5-1: config 0 has no interfaces?
[  688.909110][ T5855] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a25, bcdDevice= 0.00
[  688.919135][ T5855] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  688.927876][ T5855] usb 5-1: Product: syz
[  688.932330][ T5855] usb 5-1: Manufacturer: syz
[  688.942330][ T5855] usb 5-1: SerialNumber: syz
[  688.983330][ T5855] usb 5-1: config 0 descriptor??
[  689.687794][    T9] usb 5-1: USB disconnect, device number 15
[  691.386308][ T2230] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  691.441975][ T9724] overlayfs: failed to clone upperpath
[  691.626583][ T2230] usb 5-1: Using ep0 maxpacket: 16
[  691.663447][ T2230] usb 5-1: config 1 has an invalid interface number: 105 but max is 0
[  691.672528][ T2230] usb 5-1: config 1 has no interface number 0
[  691.679418][ T2230] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  691.690542][ T2230] usb 5-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  691.705792][ T2230] usb 5-1: config 1 interface 105 has no altsetting 0
[  691.775014][ T2230] usb 5-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  691.785097][ T2230] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  691.793683][ T2230] usb 5-1: Product: syz
[  691.798264][ T2230] usb 5-1: Manufacturer: syz
[  691.807852][ T2230] usb 5-1: SerialNumber: syz
[  691.874282][ T9721] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  691.899802][ T9721] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  692.443620][ T9721] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  692.500036][ T9721] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  692.974163][ T2230] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  693.010884][ T2230] aqc111 5-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  693.129944][ T2230] aqc111 5-1:1.105 eth9: register 'aqc111' at usb-dummy_hcd.4-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 20:fc:94:45:3a:41
[  693.375859][ T2230] usb 5-1: USB disconnect, device number 16
[  693.385333][ T2230] aqc111 5-1:1.105 eth9: unregister 'aqc111' usb-dummy_hcd.4-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  693.617711][ T2230] aqc111 5-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  693.628171][ T2230] aqc111 5-1:1.105 eth9 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  693.638775][ T2230] aqc111 5-1:1.105 eth9 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  693.658617][ T9744] loop5: detected capacity change from 0 to 1024
[  693.901127][ T9744] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  694.046718][   T30] audit: type=1800 audit(1750484843.700:138): pid=9744 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1350" name="file1" dev="loop5" ino=15 res=0 errno=0
[  694.151933][ T9744] EXT4-fs error (device loop5): mb_free_blocks:1948: group 0, inode 15: block 433:freeing already freed block (bit 27); block bitmap corrupt.
[  694.715829][ T7534] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  695.089369][ T9756] bond2: entered promiscuous mode
[  695.094758][ T9756] bond2: entered allmulticast mode
[  695.102829][ T9756] 8021q: adding VLAN 0 to HW filter on device bond2
[  695.201412][ T9756] bond2 (unregistering): Released all slaves
[  696.347499][ T9773] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1368'.
[  699.069826][ T9800] bond1: entered promiscuous mode
[  699.082501][ T9800] bond1: entered allmulticast mode
[  699.090787][ T9800] 8021q: adding VLAN 0 to HW filter on device bond1
[  699.215363][ T9800] bond1 (unregistering): Released all slaves
[  699.716877][ T9805] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1371'.
[  700.377325][   T30] audit: type=1800 audit(1750484850.030:139): pid=9813 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1374" name="bus" dev="overlay" ino=1415 res=0 errno=0
[  700.879861][ T9818] overlayfs: failed to clone upperpath
[  702.850741][ T9837] bond1: entered promiscuous mode
[  702.856273][ T9837] bond1: entered allmulticast mode
[  702.871914][ T9837] 8021q: adding VLAN 0 to HW filter on device bond1
[  703.036857][ T9837] bond1 (unregistering): Released all slaves
[  703.137065][ T9844] bridge0: entered allmulticast mode
[  703.193735][ T9844] pim6reg: entered allmulticast mode
[  703.211705][ T9845] sctp: [Deprecated]: syz.4.1387 (pid 9845) Use of struct sctp_assoc_value in delayed_ack socket option.
[  703.211705][ T9845] Use struct sctp_sack_info instead
[  703.292893][ T9844] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1388'.
[  703.304191][ T9844] bridge_slave_1: left allmulticast mode
[  703.310551][ T9844] bridge_slave_1: left promiscuous mode
[  703.317639][ T9844] bridge0: port 2(bridge_slave_1) entered disabled state
[  703.356465][ T9844] bridge_slave_0: left allmulticast mode
[  703.362454][ T9844] bridge_slave_0: left promiscuous mode
[  703.370044][ T9844] bridge0: port 1(bridge_slave_0) entered disabled state
[  703.569037][ T9844] bond0: (slave bridge0): Releasing backup interface
[  703.661172][ T9844] bridge0 (unregistering): left allmulticast mode
[  704.272412][   T30] audit: type=1800 audit(1750484853.920:140): pid=9853 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1392" name="file1" dev="overlay" ino=822 res=0 errno=0
[  706.075694][ T9861] loop5: detected capacity change from 0 to 32768
[  706.167273][ T9861] (syz.5.1394,9861,0):ocfs2_check_set_options:1259 ERROR: Group quotas were requested, but this filesystem does not have the feature enabled.
[  706.194497][ T9861] (syz.5.1394,9861,0):ocfs2_fill_super:1177 ERROR: status = -22
[  708.126600][ T5855] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  708.327142][ T5855] usb 5-1: Using ep0 maxpacket: 32
[  708.356215][ T5855] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  708.365440][ T5855] usb 5-1: config 0 has no interface number 0
[  708.433680][ T5855] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  708.443308][ T5855] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  708.451923][ T5855] usb 5-1: Product: syz
[  708.456662][ T5855] usb 5-1: Manufacturer: syz
[  708.461573][ T5855] usb 5-1: SerialNumber: syz
[  708.542169][ T5855] usb 5-1: config 0 descriptor??
[  708.611264][ T5855] smsc95xx v2.0.0
[  709.047011][ T5855] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  709.059572][ T5855] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  709.567932][ T9892] pim6reg: entered allmulticast mode
[  709.634719][ T9892] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1404'.
[  709.924287][ T5855] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  709.946915][ T5855] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71
[  710.054492][ T5855] usb 5-1: USB disconnect, device number 17
[  711.367937][ T9907] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1408'.
[  711.958904][ T9913] loop5: detected capacity change from 0 to 512
[  712.159083][ T9913] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  712.172834][ T9913] ext4 filesystem being mounted at /156/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  712.328193][ T9913] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #2: comm syz.5.1409: corrupted inode contents
[  712.405416][ T9913] EXT4-fs error (device loop5): ext4_dirty_inode:6459: inode #2: comm syz.5.1409: mark_inode_dirty error
[  712.445201][ T9913] EXT4-fs error (device loop5): ext4_do_update_inode:5568: inode #2: comm syz.5.1409: corrupted inode contents
[  712.517335][ T9913] EXT4-fs error (device loop5): __ext4_ext_dirty:206: inode #2: comm syz.5.1409: mark_inode_dirty error
[  712.840758][ T9924] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1416'.
[  713.045282][ T7534] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  713.748576][ T9935] loop4: detected capacity change from 0 to 512
[  713.853432][ T9935] EXT4-fs (loop4): Test dummy encryption mode enabled
[  713.861109][ T9935] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  713.945659][ T9935] EXT4-fs (loop4): 1 truncate cleaned up
[  713.954586][ T9935] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  714.544435][ T5800] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  715.904830][ T9958] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1426'.
[  716.820564][ T9967] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1442'.
[  717.064638][ T9969] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22)
[  718.982845][ T9991] loop4: detected capacity change from 0 to 256
[  719.044788][ T9991] exfat: Invalid uid '0x00000000ffffffff'
[  720.489300][T10005] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1446'.
[  720.760698][T10009] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22)
[  721.228552][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  721.235356][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  721.253327][ T1286] lec:lec_start_xmit: lec0:No lecd attached
[  721.477440][T10015] netlink: 'syz.4.1452': attribute type 1 has an invalid length.
[  721.612819][T10015] 8021q: adding VLAN 0 to HW filter on device bond2
[  721.844946][T10026] netlink: 'syz.3.1450': attribute type 10 has an invalid length.
[  722.600546][T10032] netlink: 'syz.1.1469': attribute type 1 has an invalid length.
[  722.644669][T10035] loop5: detected capacity change from 0 to 128
[  722.784981][T10032] 8021q: adding VLAN 0 to HW filter on device bond1
[  723.100907][T10032] bond1: (slave dummy0): making interface the new active one
[  723.115726][T10032] bond1: (slave dummy0): Enslaving as an active interface with an up link
[  723.922262][ T4728] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  724.198725][ T4728] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  724.356888][ T4728] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  724.542082][ T4728] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  724.547271][T10051] fuse: Bad value for 'fd'
[  725.834215][ T4728] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  725.890825][ T4728] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  725.942617][ T4728] bond0 (unregistering): Released all slaves
[  726.053584][ T4728] bond1 (unregistering): (slave dummy0): Releasing active interface
[  726.088605][ T4728] bond1 (unregistering): Released all slaves
[  726.465989][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5210 ms
[  726.474383][    C0] lec:lec_tx_timeout: lec0
[  726.904611][ T4728] hsr_slave_0: left promiscuous mode
[  726.928025][ T4728] hsr_slave_1: left promiscuous mode
[  726.936785][ T4728] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  726.944585][ T4728] batman_adv: batadv0: Removing interface: batadv_slave_0
[  727.007246][ T4728] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  727.015083][ T4728] batman_adv: batadv0: Removing interface: batadv_slave_1
[  727.066727][ T4728] veth1_macvtap: left promiscuous mode
[  727.072801][ T4728] veth0_macvtap: left promiscuous mode
[  727.079171][ T4728] veth1_vlan: left promiscuous mode
[  727.084843][ T4728] veth0_vlan: left promiscuous mode
[  727.469258][ T4728] pim6reg (unregistering): left allmulticast mode
[  729.539462][ T5801] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  729.572798][T10077] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  729.590873][T10077] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  729.637964][T10077] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  729.662929][T10077] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  731.072758][T10092] gtp0: entered promiscuous mode
[  731.106942][T10076] chnl_net:caif_netlink_parms(): no params data found
[  731.826418][T10077] Bluetooth: hci0: command tx timeout
[  732.521363][T10076] bridge0: port 1(bridge_slave_0) entered blocking state
[  732.529531][T10076] bridge0: port 1(bridge_slave_0) entered disabled state
[  732.537964][T10076] bridge_slave_0: entered allmulticast mode
[  732.548320][T10076] bridge_slave_0: entered promiscuous mode
[  732.663836][T10076] bridge0: port 2(bridge_slave_1) entered blocking state
[  732.672019][T10076] bridge0: port 2(bridge_slave_1) entered disabled state
[  732.680116][T10076] bridge_slave_1: entered allmulticast mode
[  732.690437][T10076] bridge_slave_1: entered promiscuous mode
[  733.364514][T10076] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  733.496783][T10076] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  733.928918][T10077] Bluetooth: hci0: command tx timeout
[  734.520239][T10076] team0: Port device team_slave_0 added
[  734.584635][T10076] team0: Port device team_slave_1 added
[  735.612830][T10076] batman_adv: batadv0: Adding interface: batadv_slave_0
[  735.620325][T10076] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  735.652621][T10076] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  735.850858][T10076] batman_adv: batadv0: Adding interface: batadv_slave_1
[  735.858509][T10076] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  735.885296][T10076] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  735.991282][T10077] Bluetooth: hci0: command tx timeout
[  736.148204][T10138] netlink: 'syz.6.1497': attribute type 10 has an invalid length.
[  736.156894][T10138] netlink: 40 bytes leftover after parsing attributes in process `syz.6.1497'.
[  736.304768][T10138] batadv0: entered promiscuous mode
[  736.310769][T10138] batadv0: entered allmulticast mode
[  736.324169][T10138] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check.
[  736.374155][T10076] hsr_slave_0: entered promiscuous mode
[  736.388160][T10076] hsr_slave_1: entered promiscuous mode
[  736.398541][T10076] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  736.406490][T10076] Cannot create hsr debugfs directory
[  737.845343][    C1] vxcan0: j1939_tp_rxtimer: 0xffff88805009bc00: rx timeout, send abort
[  737.856515][    C1] vxcan0: j1939_xtp_rx_abort_one: 0xffff88805009bc00: 0x2f000: (3) A timeout occurred and this is the connection abort to close the session.
[  738.066344][T10077] Bluetooth: hci0: command tx timeout
[  738.149131][T10076] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  738.372243][T10076] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  738.452656][T10076] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  738.580596][T10076] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  739.772323][T10076] 8021q: adding VLAN 0 to HW filter on device bond0
[  739.920902][T10076] 8021q: adding VLAN 0 to HW filter on device team0
[  740.001334][ T4728] bridge0: port 1(bridge_slave_0) entered blocking state
[  740.009150][ T4728] bridge0: port 1(bridge_slave_0) entered forwarding state
[  740.109942][ T4728] bridge0: port 2(bridge_slave_1) entered blocking state
[  740.117837][ T4728] bridge0: port 2(bridge_slave_1) entered forwarding state
[  742.487069][T10076] 8021q: adding VLAN 0 to HW filter on device batadv0
[  745.393375][T10076] veth0_vlan: entered promiscuous mode
[  745.517133][T10076] veth1_vlan: entered promiscuous mode
[  746.000721][T10076] veth0_macvtap: entered promiscuous mode
[  746.090296][T10076] veth1_macvtap: entered promiscuous mode
[  746.328330][T10076] batman_adv: batadv0: Interface activated: batadv_slave_0
[  746.439888][T10076] batman_adv: batadv0: Interface activated: batadv_slave_1
[  746.548788][T10076] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  746.558180][T10076] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  746.567668][T10076] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  746.577255][T10076] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  746.680359][T10249] overlayfs: failed to resolve './file0': -2
[  747.094515][T10244] overlayfs: failed to clone upperpath
[  747.382419][T10256] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1538'.
[  748.128792][T10267] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1542'.
[  748.647267][ T3883] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  748.904228][ T3883] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  749.188078][ T3883] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  749.373059][ T3883] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  750.788837][ T3883] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  750.848325][ T3883] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  750.873306][ T3883] bond0 (unregistering): Released all slaves
[  750.917597][ T3883] bond1 (unregistering): (slave dummy0): Releasing active interface
[  750.934747][ T3883] bond1 (unregistering): Released all slaves
[  751.598185][ T3883] hsr_slave_0: left promiscuous mode
[  751.614480][ T3883] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  751.622659][ T3883] batman_adv: batadv0: Removing interface: batadv_slave_0
[  751.660419][ T3883] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  751.668491][ T3883] batman_adv: batadv0: Removing interface: batadv_slave_1
[  751.716855][ T3883] veth1_macvtap: left promiscuous mode
[  751.722719][ T3883] veth0_macvtap: left promiscuous mode
[  751.730535][ T3883] veth1_vlan: left promiscuous mode
[  751.736483][ T3883] veth0_vlan: left promiscuous mode
[  752.234589][ T3883] pim6reg (unregistering): left allmulticast mode
[  752.270907][T10297] overlayfs: failed to clone upperpath
[  753.798006][ T5091] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  753.878154][ T5091] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  753.890896][ T5091] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  753.907287][ T5091] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  753.962622][ T5091] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  755.078183][T10324] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1556'.
[  755.208133][T10309] chnl_net:caif_netlink_parms(): no params data found
[  756.076256][ T5091] Bluetooth: hci4: command tx timeout
[  756.148108][   T58] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  756.157032][   T58] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  756.307427][   T14] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  756.319153][   T14] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  756.454820][T10337] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1567'.
[  756.464812][T10337] netlink: 'syz.6.1567': attribute type 7 has an invalid length.
[  756.473307][T10337] netlink: 'syz.6.1567': attribute type 8 has an invalid length.
[  756.481659][T10337] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1567'.
[  756.853573][T10309] bridge0: port 1(bridge_slave_0) entered blocking state
[  756.861480][T10309] bridge0: port 1(bridge_slave_0) entered disabled state
[  756.870598][T10309] bridge_slave_0: entered allmulticast mode
[  756.881037][T10309] bridge_slave_0: entered promiscuous mode
[  757.045307][T10309] bridge0: port 2(bridge_slave_1) entered blocking state
[  757.053382][T10309] bridge0: port 2(bridge_slave_1) entered disabled state
[  757.064055][T10309] bridge_slave_1: entered allmulticast mode
[  757.074703][T10309] bridge_slave_1: entered promiscuous mode
[  757.436722][T10345] 9pnet: p9_errstr2errno: server reported unknown error �j���=��ƫ&B
[  757.539421][T10309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  757.620646][T10309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  757.942906][T10309] team0: Port device team_slave_0 added
[  758.075403][T10309] team0: Port device team_slave_1 added
[  758.172658][ T5091] Bluetooth: hci4: command tx timeout
[  758.284747][T10309] batman_adv: batadv0: Adding interface: batadv_slave_0
[  758.293427][T10309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  758.320281][T10309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  758.342624][T10309] batman_adv: batadv0: Adding interface: batadv_slave_1
[  758.351924][T10309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  758.382631][T10309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  758.708733][T10309] hsr_slave_0: entered promiscuous mode
[  758.720226][T10309] hsr_slave_1: entered promiscuous mode
[  758.729890][T10309] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  758.738308][T10309] Cannot create hsr debugfs directory
[  759.547011][T10366] netlink: 156 bytes leftover after parsing attributes in process `syz.4.1572'.
[  759.890066][T10309] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  759.942671][T10309] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  760.068623][T10309] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  760.145437][T10309] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  760.228291][ T5091] Bluetooth: hci4: command tx timeout
[  760.909147][T10378] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1576'.
[  761.340259][T10309] 8021q: adding VLAN 0 to HW filter on device bond0
[  761.703033][T10309] 8021q: adding VLAN 0 to HW filter on device team0
[  761.797585][ T3883] bridge0: port 1(bridge_slave_0) entered blocking state
[  761.805590][ T3883] bridge0: port 1(bridge_slave_0) entered forwarding state
[  761.924090][ T3883] bridge0: port 2(bridge_slave_1) entered blocking state
[  761.932028][ T3883] bridge0: port 2(bridge_slave_1) entered forwarding state
[  762.306458][ T5091] Bluetooth: hci4: command tx timeout
[  763.024090][T10394] netlink: 'syz.3.1581': attribute type 1 has an invalid length.
[  763.128940][T10394] 8021q: adding VLAN 0 to HW filter on device bond3
[  763.254636][T10394] bond3: (slave gretap2): making interface the new active one
[  763.268197][T10394] bond3: (slave gretap2): Enslaving as an active interface with an up link
[  764.311248][T10405] overlayfs: failed to clone upperpath
[  764.319306][T10411] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1586'.
[  764.723013][T10309] 8021q: adding VLAN 0 to HW filter on device batadv0
[  765.241837][T10420] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1589'.
[  765.251812][T10420] netlink: 'syz.3.1589': attribute type 7 has an invalid length.
[  765.260191][T10420] netlink: 'syz.3.1589': attribute type 8 has an invalid length.
[  765.269608][T10420] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1589'.
[  765.299875][T10416] loop7: detected capacity change from 0 to 2048
[  765.479287][T10416] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  766.260102][T10431] vxcan3: entered allmulticast mode
[  767.031842][T10436] kvm: apic: phys broadcast and lowest prio
[  767.394901][T10309] veth0_vlan: entered promiscuous mode
[  767.543312][T10309] veth1_vlan: entered promiscuous mode
[  768.016501][T10309] veth0_macvtap: entered promiscuous mode
[  768.104587][T10309] veth1_macvtap: entered promiscuous mode
[  768.277253][T10309] batman_adv: batadv0: Interface activated: batadv_slave_0
[  768.342846][T10309] batman_adv: batadv0: Interface activated: batadv_slave_1
[  768.437012][T10309] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  768.446775][T10309] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  768.456360][T10309] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  768.465434][T10309] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  769.306602][ T5879] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  769.505473][ T5879] usb 8-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  769.518880][ T5879] usb 8-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  769.531933][ T5879] usb 8-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  769.542412][ T5879] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  769.563524][T10456] raw-gadget.0 gadget.7: fail, usb_ep_enable returned -22
[  769.640894][ T5879] usb 8-1: Quirk or no altset; falling back to MIDI 1.0
[  769.994167][ T5879] usb 8-1: USB disconnect, device number 2
[  772.807792][T10490] loop7: detected capacity change from 0 to 512
[  772.922010][T10490] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  773.045504][T10490] EXT4-fs (loop7): 1 truncate cleaned up
[  773.055159][T10490] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  773.499497][T10499] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1
[  773.526252][T10499] batman_adv: batadv0: Adding interface: ip6gretap1
[  773.533153][T10499] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  773.559640][T10499] batman_adv: batadv0: Interface activated: ip6gretap1
[  773.851765][T10076] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  775.004842][T10514] gtp0: entered promiscuous mode
[  775.532410][T10525] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1622'.
[  776.635443][ T6632] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  776.644187][ T6632] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  776.749748][ T4198] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  776.758457][ T4198] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  777.675708][T10541] loop8: detected capacity change from 0 to 64
[  778.922297][T10555] bridge0: port 3(syz_tun) entered blocking state
[  778.930311][T10555] bridge0: port 3(syz_tun) entered disabled state
[  778.938106][T10555] syz_tun: entered allmulticast mode
[  778.954613][T10555] syz_tun: entered promiscuous mode
[  778.962846][T10555] bridge0: port 3(syz_tun) entered blocking state
[  778.970139][T10555] bridge0: port 3(syz_tun) entered forwarding state
[  779.059680][ T5879] IPVS: starting estimator thread 0...
[  779.157170][T10558] IPVS: using max 144 ests per chain, 7200 per kthread
[  780.092068][T10567] macvlan2: entered promiscuous mode
[  780.098109][T10567] macvlan2: entered allmulticast mode
[  780.107783][T10567] bond0: entered promiscuous mode
[  780.113160][T10567] bond_slave_0: entered promiscuous mode
[  780.120647][T10567] bond_slave_1: entered promiscuous mode
[  780.131498][T10567] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  780.184727][T10570] netlink: 'syz.3.1638': attribute type 10 has an invalid length.
[  780.197278][T10567] bond0: left promiscuous mode
[  780.202379][T10567] bond_slave_0: left promiscuous mode
[  780.209793][T10567] bond_slave_1: left promiscuous mode
[  780.250239][T10571] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1638'.
[  782.658972][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  782.666242][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  782.684205][ T1286] lec:lec_start_xmit: lec0:No lecd attached
[  784.521322][T10614] macvlan2: entered promiscuous mode
[  784.527229][T10614] macvlan2: entered allmulticast mode
[  784.536989][T10614] bond0: entered promiscuous mode
[  784.542425][T10614] bond_slave_0: entered promiscuous mode
[  784.550469][T10614] bond_slave_1: entered promiscuous mode
[  784.561208][T10614] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  784.667676][T10614] bond0: left promiscuous mode
[  784.673114][T10614] bond_slave_0: left promiscuous mode
[  784.690054][T10614] bond_slave_1: left promiscuous mode
[  787.865732][T10650] loop8: detected capacity change from 0 to 2048
[  788.134857][T10650] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  788.474193][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5780 ms
[  788.482915][    C0] lec:lec_tx_timeout: lec0
[  788.618983][T10661] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1670'.
[  789.046661][T10655] EXT4-fs error (device loop8): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 2: invalid block bitmap
[  789.780500][T10309] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  790.136969][T10668] macvlan2: entered promiscuous mode
[  790.142672][T10668] macvlan2: entered allmulticast mode
[  790.151896][T10668] bond0: entered promiscuous mode
[  790.157527][T10668] bond_slave_0: entered promiscuous mode
[  790.164898][T10668] bond_slave_1: entered promiscuous mode
[  790.175580][T10668] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  790.270548][T10664] loop7: detected capacity change from 0 to 4096
[  790.335601][T10668] bond0: left promiscuous mode
[  790.341296][T10668] bond_slave_0: left promiscuous mode
[  790.348622][T10668] bond_slave_1: left promiscuous mode
[  790.406324][T10664] NILFS (loop7): invalid segment: Checksum error in segment payload
[  790.421558][T10664] NILFS (loop7): trying rollback from an earlier position
[  790.663017][T10664] NILFS (loop7): recovery complete
[  790.708964][T10669] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  791.024873][T10664] overlayfs: upper fs does not support tmpfile.
[  791.065319][T10676] netlink: 'syz.4.1675': attribute type 1 has an invalid length.
[  791.086912][T10664] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  791.094218][T10664] overlayfs: failed to set xattr on upper
[  791.101922][T10664] overlayfs: ...falling back to redirect_dir=nofollow.
[  791.110474][T10664] overlayfs: ...falling back to index=off.
[  791.117726][T10664] overlayfs: ...falling back to uuid=null.
[  791.164177][T10676] 8021q: adding VLAN 0 to HW filter on device bond3
[  791.480900][T10678] bond3: (slave gretap1): making interface the new active one
[  791.495603][T10678] bond3: (slave gretap1): Enslaving as an active interface with an up link
[  793.010925][T10693] loop7: detected capacity change from 0 to 256
[  793.107398][T10693] exFAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  793.118843][T10693] exFAT-fs (loop7): Medium has reported failures. Some data may be lost.
[  793.259010][T10693] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  795.754886][T10716] loop8: detected capacity change from 0 to 4096
[  795.918963][T10716] NILFS (loop8): invalid segment: Checksum error in segment payload
[  795.927676][T10716] NILFS (loop8): trying rollback from an earlier position
[  796.121472][T10716] NILFS (loop8): recovery complete
[  796.193983][T10730] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  796.509875][T10716] overlayfs: upper fs does not support tmpfile.
[  796.546326][T10716] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  796.553758][T10716] overlayfs: failed to set xattr on upper
[  796.565173][T10716] overlayfs: ...falling back to redirect_dir=nofollow.
[  796.574609][T10716] overlayfs: ...falling back to index=off.
[  796.581152][T10716] overlayfs: ...falling back to uuid=null.
[  799.591462][T10765] loop7: detected capacity change from 0 to 256
[  799.758960][T10765] exFAT-fs (loop7): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  799.901693][T10765] exFAT-fs (loop7): error, data size is invalid(9000)
[  799.913263][T10765] exFAT-fs (loop7): Filesystem has been set read-only
[  799.962308][T10765] exFAT-fs (loop7): error, data size is invalid(10)
[  800.002910][T10765] exFAT-fs (loop7): error, data size is invalid(10)
[  802.503811][T10782] overlayfs: failed to clone upperpath
[  804.673110][T10813] loop7: detected capacity change from 0 to 256
[  804.755237][T10813] exFAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  804.767196][T10813] exFAT-fs (loop7): Medium has reported failures. Some data may be lost.
[  804.989593][T10813] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  809.408540][T10858] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1750'.
[  814.158927][T10912] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1771'.
[  814.507499][T10916] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96
[  815.058601][T10920] : entered promiscuous mode
[  817.885464][T10942] loop7: detected capacity change from 0 to 8192
[  819.751979][T10975] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1796'.
[  820.436650][   T30] audit: type=1326 audit(1750484970.050:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10980 comm="syz.3.1800" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f67539 code=0x0
[  822.452867][T11001] overlayfs: failed to resolve './file0': -2
[  826.940898][T11035] loop8: detected capacity change from 0 to 512
[  826.989375][T11035] EXT4-fs: Ignoring removed orlov option
[  827.167475][T11035] EXT4-fs error (device loop8): ext4_orphan_get:1393: inode #15: comm syz.8.1822: casefold flag without casefold feature
[  827.267489][T11035] EXT4-fs error (device loop8): ext4_orphan_get:1398: comm syz.8.1822: couldn't read orphan inode 15 (err -117)
[  827.298190][T11035] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  828.024918][T10309] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  828.538773][T11055] loop7: detected capacity change from 0 to 512
[  828.589911][T11055] EXT4-fs: Ignoring removed mblk_io_submit option
[  828.598153][T11055] EXT4-fs: Ignoring removed mblk_io_submit option
[  828.726391][T11055] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem
[  828.829877][T11055] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c118, mo2=0002]
[  828.889133][T11059] overlayfs: failed to clone upperpath
[  828.937040][T11055] EXT4-fs error (device loop7): ext4_iget_extra_inode:5035: inode #15: comm syz.7.1828: corrupted in-inode xattr: e_value size too large
[  829.056555][T11055] EXT4-fs error (device loop7): ext4_orphan_get:1398: comm syz.7.1828: couldn't read orphan inode 15 (err -117)
[  829.110294][T11055] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  829.190195][T11064] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1832'.
[  829.449653][T11055] EXT4-fs warning (device loop7): dx_probe:801: inode #2: comm syz.7.1828: Unrecognised inode hash code 4
[  829.463508][T11055] EXT4-fs warning (device loop7): dx_probe:934: inode #2: comm syz.7.1828: Corrupt directory, running e2fsck is recommended
[  829.578464][T11055] EXT4-fs warning (device loop7): dx_probe:801: inode #2: comm syz.7.1828: Unrecognised inode hash code 4
[  829.590847][T11055] EXT4-fs warning (device loop7): dx_probe:934: inode #2: comm syz.7.1828: Corrupt directory, running e2fsck is recommended
[  829.933731][T11073] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1835'.
[  830.061239][T10076] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  830.585043][T11075] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1837'.
[  831.404257][T11079] loop7: detected capacity change from 0 to 4096
[  831.828027][T11091] netlink: 'syz.4.1844': attribute type 12 has an invalid length.
[  832.817718][T11098] Invalid ELF header magic: != ELF
[  835.511239][T11117] loop8: detected capacity change from 0 to 512
[  835.604810][T11117] EXT4-fs (loop8): feature flags set on rev 0 fs, running e2fsck is recommended
[  835.614503][T11117] EXT4-fs (loop8): mounting ext2 file system using the ext4 subsystem
[  835.721541][T11117] EXT4-fs (loop8): warning: checktime reached, running e2fsck is recommended
[  835.733380][T11117] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002]
[  835.742625][T11117] System zones: 0-2, 18-18, 34-34
[  835.765511][T11117] EXT4-fs error (device loop8): ext4_orphan_get:1393: inode #15: comm syz.8.1855: iget: bad i_size value: 360287970189639680
[  835.868465][T11117] EXT4-fs error (device loop8): ext4_orphan_get:1398: comm syz.8.1855: couldn't read orphan inode 15 (err -117)
[  835.969911][T11117] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  836.484250][T10309] EXT4-fs error (device loop8): ext4_readdir:264: inode #2: block 3: comm syz-executor: path /44/file2: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1
[  836.929593][T10309] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  837.156076][T10309] bridge0: port 3(syz_tun) entered disabled state
[  837.239840][T10309] syz_tun (unregistering): left allmulticast mode
[  837.247029][T10309] syz_tun (unregistering): left promiscuous mode
[  837.253941][T10309] bridge0: port 3(syz_tun) entered disabled state
[  837.545180][ T6647] netdevsim netdevsim8 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  837.659957][T11146] netlink: 'syz.7.1866': attribute type 1 has an invalid length.
[  837.755657][T11146] 8021q: adding VLAN 0 to HW filter on device bond1
[  837.904082][ T6647] netdevsim netdevsim8 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  838.029698][T11149] bond1: (slave gretap1): making interface the new active one
[  838.052966][T11149] bond1: (slave gretap1): Enslaving as an active interface with an up link
[  838.182517][ T6647] netdevsim netdevsim8 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  838.383455][ T6647] netdevsim netdevsim8 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  838.832327][ T6647] bridge_slave_1: left allmulticast mode
[  838.838576][ T6647] bridge_slave_1: left promiscuous mode
[  838.845504][ T6647] bridge0: port 2(bridge_slave_1) entered disabled state
[  838.939718][ T6647] bridge_slave_0: left allmulticast mode
[  838.945721][ T6647] bridge_slave_0: left promiscuous mode
[  838.963943][ T6647] bridge0: port 1(bridge_slave_0) entered disabled state
[  839.500905][ T6647] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  839.530837][ T6647] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  839.548082][ T6647] bond0 (unregistering): Released all slaves
[  840.073910][ T6647] hsr_slave_0: left promiscuous mode
[  840.116921][ T6647] hsr_slave_1: left promiscuous mode
[  840.125661][ T6647] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  840.133881][ T6647] batman_adv: batadv0: Removing interface: batadv_slave_0
[  840.229368][ T6647] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  840.237544][ T6647] batman_adv: batadv0: Removing interface: batadv_slave_1
[  840.357889][T11155] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1869'.
[  840.373218][ T6647] veth1_macvtap: left promiscuous mode
[  840.379695][ T6647] veth0_macvtap: left promiscuous mode
[  840.390713][ T6647] veth1_vlan: left promiscuous mode
[  840.396737][ T6647] veth0_vlan: left promiscuous mode
[  840.465223][T11155] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies.
[  841.631838][ T6647] team0 (unregistering): Port device team_slave_1 removed
[  841.730971][T11162] netlink: 'syz.6.1873': attribute type 4 has an invalid length.
[  841.785529][ T6647] team0 (unregistering): Port device team_slave_0 removed
[  842.259130][T10077] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  842.291599][T10077] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  842.348306][T11168] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1876'.
[  842.358514][T11168] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1876'.
[  842.383003][T11167] loop7: detected capacity change from 0 to 512
[  842.394372][T11167] EXT4-fs: Ignoring removed i_version option
[  842.424745][T11167] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  842.462918][T10077] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  842.507132][T10077] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  842.541829][T10077] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  842.609525][T11167] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  842.623116][T11167] ext4 filesystem being mounted at /62/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  842.654111][ T6647] IPVS: stop unused estimator thread 0...
[  842.708038][T11167] EXT4-fs error (device loop7): ext4_do_update_inode:5568: inode #2: comm syz.7.1875: corrupted inode contents
[  842.863705][T11167] EXT4-fs (loop7): Remounting filesystem read-only
[  843.315355][T10076] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  843.363166][ T3832] Quota error (device loop7): dquot_write_dquot: Can't write quota structure (error -30). Quota may get out of sync!
[  844.112077][ T1286] ieee802154 phy0 wpan0: encryption failed: -22
[  844.119448][ T1286] ieee802154 phy1 wpan1: encryption failed: -22
[  844.137368][ T1286] lec:lec_start_xmit: lec0:No lecd attached
[  844.180091][T11169] chnl_net:caif_netlink_parms(): no params data found
[  844.635068][ T5091] Bluetooth: hci4: command tx timeout
[  845.552314][T11200] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1885'.
[  845.693717][T11200] bond1: entered promiscuous mode
[  845.699459][T11200] bond1: entered allmulticast mode
[  845.834605][T11204] ip6tnl1: entered allmulticast mode
[  845.843815][T11204] bond1: (slave ip6tnl1): The slave device specified does not support setting the MAC address
[  845.859395][T11204] bond1: (slave ip6tnl1): Error -95 calling set_mac_address
[  846.246381][T11169] bridge0: port 1(bridge_slave_0) entered blocking state
[  846.254224][T11169] bridge0: port 1(bridge_slave_0) entered disabled state
[  846.262405][T11169] bridge_slave_0: entered allmulticast mode
[  846.273172][T11169] bridge_slave_0: entered promiscuous mode
[  846.306772][T11169] bridge0: port 2(bridge_slave_1) entered blocking state
[  846.314628][T11169] bridge0: port 2(bridge_slave_1) entered disabled state
[  846.330845][T11169] bridge_slave_1: entered allmulticast mode
[  846.341771][T11169] bridge_slave_1: entered promiscuous mode
[  846.546327][T11169] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  846.627170][T11169] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  846.709415][ T5091] Bluetooth: hci4: command tx timeout
[  846.796155][T11169] team0: Port device team_slave_0 added
[  846.845732][T11169] team0: Port device team_slave_1 added
[  847.241618][T11169] batman_adv: batadv0: Adding interface: batadv_slave_0
[  847.252271][T11169] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  847.279802][T11169] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  847.454479][T11169] batman_adv: batadv0: Adding interface: batadv_slave_1
[  847.462020][T11169] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  847.489319][T11169] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  848.120369][T11169] hsr_slave_0: entered promiscuous mode
[  848.131979][T11169] hsr_slave_1: entered promiscuous mode
[  848.141629][T11169] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  848.149766][T11169] Cannot create hsr debugfs directory
[  848.787636][ T5091] Bluetooth: hci4: command tx timeout
[  849.129940][T11175] libceph: connect (1)[c::]:6789 error -101
[  849.136935][T11175] libceph: mon0 (1)[c::]:6789 connect error
[  849.417104][T11225] ceph: No mds server is up or the cluster is laggy
[  849.418227][T11175] libceph: connect (1)[c::]:6789 error -101
[  849.431200][T11175] libceph: mon0 (1)[c::]:6789 connect error
[  849.435995][    C0] lec0: NETDEV WATCHDOG: CPU: 0: transmit queue 0 timed out 5290 ms
[  849.445767][    C0] lec:lec_tx_timeout: lec0
[  849.623187][T11169] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  849.698561][T11169] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  849.794064][T11169] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  849.967895][T11169] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  850.450881][T11243] overlayfs: failed to clone upperpath
[  850.866952][ T5091] Bluetooth: hci4: command tx timeout
[  851.029921][T11169] 8021q: adding VLAN 0 to HW filter on device bond0
[  851.308362][T11169] 8021q: adding VLAN 0 to HW filter on device team0
[  851.406123][ T4263] bridge0: port 1(bridge_slave_0) entered blocking state
[  851.413826][ T4263] bridge0: port 1(bridge_slave_0) entered forwarding state
[  851.504906][ T4263] bridge0: port 2(bridge_slave_1) entered blocking state
[  851.512907][ T4263] bridge0: port 2(bridge_slave_1) entered forwarding state
[  852.650573][T11261] overlayfs: failed to clone upperpath
[  852.833674][T11258] loop7: detected capacity change from 0 to 2048
[  853.018189][T11266] overlayfs: failed to clone upperpath
[  853.043580][T11258] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  853.780713][T11169] 8021q: adding VLAN 0 to HW filter on device batadv0
[  853.897088][   T58] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  853.961959][   T58] EXT4-fs (loop7): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 448 with error 28
[  853.975069][   T58] EXT4-fs (loop7): This should not happen!! Data will be lost
[  853.975069][   T58] 
[  853.986971][   T58] EXT4-fs (loop7): Total free blocks count 0
[  853.993268][   T58] EXT4-fs (loop7): Free/Dirty block details
[  854.000171][   T58] EXT4-fs (loop7): free_blocks=2415919504
[  854.009226][   T58] EXT4-fs (loop7): dirty_blocks=448
[  854.014897][   T58] EXT4-fs (loop7): Block reservation details
[  854.022138][   T58] EXT4-fs (loop7): i_reserved_data_blocks=28
[  854.397876][T10076] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  855.822072][T11175] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  856.046610][T11175] usb 8-1: Using ep0 maxpacket: 8
[  856.126774][T11175] usb 8-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00
[  856.136857][T11175] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  856.193384][T11175] usb 8-1: config 0 descriptor??
[  856.388307][T10077] Bluetooth: hci0: command 0x0406 tx timeout
[  856.540640][T11169] veth0_vlan: entered promiscuous mode
[  856.711187][T11169] veth1_vlan: entered promiscuous mode
[  856.800029][T11175] waterforce 0003:1044:7A4D.0005: item fetching failed at offset 4/5
[  856.853118][T11175] waterforce 0003:1044:7A4D.0005: hid parse failed with -22
[  856.861785][T11175] waterforce 0003:1044:7A4D.0005: probe with driver waterforce failed with error -22
[  857.036669][T11176] usb 8-1: USB disconnect, device number 3
[  857.186936][T11169] veth0_macvtap: entered promiscuous mode
[  857.190392][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  857.289428][T11169] veth1_macvtap: entered promiscuous mode
[  857.472792][T11169] batman_adv: batadv0: Interface activated: batadv_slave_0
[  857.551123][T11311] macvlan1: entered promiscuous mode
[  857.565289][T11311] ipvlan0: entered promiscuous mode
[  857.577106][T11311] ipvlan0: left promiscuous mode
[  857.648455][T11311] macvlan1: left promiscuous mode
[  857.810299][T11169] batman_adv: batadv0: Interface activated: batadv_slave_1
[  857.933192][T11169] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  857.943004][T11169] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  857.952806][T11169] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  857.962241][T11169] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  858.626476][   T30] audit: type=1326 audit(1750485008.270:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11321 comm="syz.6.1926" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  858.653625][   T30] audit: type=1326 audit(1750485008.270:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11321 comm="syz.6.1926" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  858.677227][   T30] audit: type=1326 audit(1750485008.310:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11321 comm="syz.6.1926" exe="/root/syz-executor" sig=0 arch=40000003 syscall=356 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  858.700108][   T30] audit: type=1326 audit(1750485008.310:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11321 comm="syz.6.1926" exe="/root/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  858.727407][   T30] audit: type=1326 audit(1750485008.320:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11321 comm="syz.6.1926" exe="/root/syz-executor" sig=0 arch=40000003 syscall=4 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  858.752291][   T30] audit: type=1326 audit(1750485008.400:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11321 comm="syz.6.1926" exe="/root/syz-executor" sig=0 arch=40000003 syscall=91 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  858.775446][   T30] audit: type=1326 audit(1750485008.420:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11321 comm="syz.6.1926" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  858.798538][   T30] audit: type=1326 audit(1750485008.420:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11321 comm="syz.6.1926" exe="/root/syz-executor" sig=0 arch=40000003 syscall=6 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  859.119115][   T30] audit: type=1326 audit(1750485008.490:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11321 comm="syz.6.1926" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  859.146785][   T30] audit: type=1326 audit(1750485008.520:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11321 comm="syz.6.1926" exe="/root/syz-executor" sig=0 arch=40000003 syscall=433 compat=1 ip=0xf7f24539 code=0x7ffc0000
[  861.164802][T11340] overlayfs: failed to clone upperpath
[  862.896863][T11358] vhci_hcd vhci_hcd.0: pdev(7) rhport(0) sockfd(5)
[  862.903766][T11358] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  862.916599][T11358] vhci_hcd vhci_hcd.0: Device attached
[  863.216245][T11174] usb 47-1: new low-speed USB device number 2 using vhci_hcd
[  863.236997][    T9] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  863.436593][    T9] usb 8-1: Using ep0 maxpacket: 16
[  863.518833][    T9] usb 8-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00
[  863.534430][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  863.544778][    T9] usb 8-1: Product: syz
[  863.549440][    T9] usb 8-1: Manufacturer: syz
[  863.554330][    T9] usb 8-1: SerialNumber: syz
[  863.600286][    T9] usb 8-1: config 0 descriptor??
[  863.685197][    T9] ftdi_sio 8-1:0.0: FTDI USB Serial Device converter detected
[  863.697966][    T9] usb 8-1: Detected FT232H
[  863.846642][    T9] ftdi_sio ttyUSB0: Unable to read latency timer: -71
[  863.858469][T11359] vhci_hcd: connection closed
[  863.868000][ T6632] vhci_hcd: stop threads
[  863.878888][ T6632] vhci_hcd: release socket
[  863.883725][ T6632] vhci_hcd: disconnect device
[  863.886381][    T9] ftdi_sio ttyUSB0: Unable to write latency timer: -71
[  863.922326][T11174] vhci_hcd: vhci_device speed not set
[  863.968534][    T9] ftdi_sio 8-1:0.0: GPIO initialisation failed: -71
[  863.998563][    T9] usb 8-1: FTDI USB Serial Device converter now attached to ttyUSB0
[  864.066896][    T9] usb 8-1: USB disconnect, device number 4
[  864.098923][    T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0
[  864.114925][    T9] ftdi_sio 8-1:0.0: device disconnected
[  865.714203][T11176] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  865.917606][T11176] usb 8-1: Using ep0 maxpacket: 8
[  865.954136][T11176] usb 8-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config
[  865.965080][T11176] usb 8-1: config 6 has 0 interfaces, different from the descriptor's value: 1
[  866.034308][T11176] usb 8-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91
[  866.044466][T11176] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  866.053209][T11176] usb 8-1: Product: syz
[  866.057809][T11176] usb 8-1: Manufacturer: syz
[  866.062736][T11176] usb 8-1: SerialNumber: syz
[  866.587018][ T3883] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  866.595200][ T3883] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  866.889198][T11383] xt_CT: No such helper "netbios-ns"
[  866.946918][T11174] usb 8-1: USB disconnect, device number 5
[  866.967341][ T3832] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  866.975502][ T3832] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  868.301387][T11403] 9pnet: p9_errstr2errno: server reported unknown error �@�L��	O�!��L�
[  870.377763][T11425] netlink: 'syz.6.1959': attribute type 39 has an invalid length.
[  875.116942][T11475] netlink: 'syz.3.1976': attribute type 5 has an invalid length.
[  875.125519][T11475] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1976'.
[  875.330824][T11479] netlink: 'syz.4.1978': attribute type 1 has an invalid length.
[  875.339426][T11479] netlink: 'syz.4.1978': attribute type 4 has an invalid length.
[  875.347860][T11479] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.1978'.
[  876.639177][T11486] loop7: detected capacity change from 0 to 4096
[  877.195268][T11486] ntfs3(loop7): ino=1a, mi_enum_attr
[  877.201518][T11486] ntfs3(loop7): Mark volume as dirty due to NTFS errors
[  878.598496][T11513] netlink: 'syz.3.1994': attribute type 7 has an invalid length.
[  878.607696][T11513] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1994'.
[  878.810945][T11515] loop7: detected capacity change from 0 to 1024
[  878.870316][T11515] EXT4-fs: Ignoring removed nobh option
[  878.877673][T11515] EXT4-fs: Ignoring removed bh option
[  879.049151][T11515] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  879.494850][T10076] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  880.286875][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x1
[  880.295418][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.304367][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.313112][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.326365][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.336534][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.345344][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.354184][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.362914][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.371783][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.380424][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.389932][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.398707][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.408747][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.417765][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.430846][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.440909][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.449767][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.458369][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.467110][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.476150][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.484978][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.498421][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.507874][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.529309][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.539313][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.553331][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.563474][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.572371][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.581391][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.590198][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.599120][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.607896][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.616699][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.630074][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.640168][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.648846][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.657695][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: unknown main item tag 0x0
[  880.862303][T11176] hid-generic FFFF:FFFFFFFC:20000001.0006: hidraw0: <UNKNOWN> HID va0.69 Device [syz0] on syz1
[  881.564400][T11537] fido_id[11537]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  884.038296][T11566] tipc: Started in network mode
[  884.043662][T11566] tipc: Node identity 4, cluster identity 4711
[  884.050743][T11566] tipc: Node number set to 4
[  887.856945][T11607] loop9: detected capacity change from 0 to 1024
[  888.098546][T11607] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  888.118275][T11607] ext4 filesystem being mounted at /18/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  888.964611][T11169] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  892.720353][T11709] overlayfs: failed to clone upperpath
[  893.056502][T11711] loop9: detected capacity change from 0 to 1024
[  893.461370][T11711] =====================================================
[  893.469124][T11711] BUG: KMSAN: uninit-value in __hfsplus_ext_cache_extent+0x7cb/0x990
[  893.478261][T11711]  __hfsplus_ext_cache_extent+0x7cb/0x990
[  893.484290][T11711]  hfsplus_file_extend+0x7b5/0x1df0
[  893.490000][T11711]  hfsplus_get_block+0xfc3/0x1a20
[  893.495392][T11711]  __block_write_begin_int+0xa76/0x3030
[  893.501580][T11711]  cont_write_begin+0x10e1/0x1bc0
[  893.507388][T11711]  hfsplus_write_begin+0x85/0x130
[  893.512694][T11711]  cont_write_begin+0x35a/0x1bc0
[  893.518736][T11711]  hfsplus_write_begin+0x85/0x130
[  893.524056][T11711]  generic_cont_expand_simple+0x162/0x390
[  893.534924][T11711]  hfsplus_setattr+0x2af/0x5c0
[  893.541472][T11711]  notify_change+0x1990/0x1aa0
[  893.546799][T11711]  do_truncate+0x28f/0x310
[  893.551706][T11711]  do_ftruncate+0x698/0x730
[  893.557280][T11711]  __ia32_compat_sys_ftruncate+0x149/0x280
[  893.563713][T11711]  ia32_sys_call+0x3246/0x42c0
[  893.569018][T11711]  __do_fast_syscall_32+0xb0/0x150
[  893.574397][T11711]  do_fast_syscall_32+0x38/0x80
[  893.579803][T11711]  do_SYSENTER_32+0x1f/0x30
[  893.584600][T11711]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  893.592361][T11711] 
[  893.594864][T11711] Uninit was created at:
[  893.599626][T11711]  __kmalloc_noprof+0x95f/0x1310
[  893.604812][T11711]  hfsplus_find_init+0x90/0x1d0
[  893.610179][T11711]  hfsplus_file_extend+0x72f/0x1df0
[  893.615667][T11711]  hfsplus_get_block+0xfc3/0x1a20
[  893.621306][T11711]  __block_write_begin_int+0xa76/0x3030
[  893.627849][T11711]  cont_write_begin+0x10e1/0x1bc0
[  893.637891][T11711]  hfsplus_write_begin+0x85/0x130
[  893.644547][T11711]  cont_write_begin+0x35a/0x1bc0
[  893.649974][T11711]  hfsplus_write_begin+0x85/0x130
[  893.655254][T11711]  generic_cont_expand_simple+0x162/0x390
[  893.661650][T11711]  hfsplus_setattr+0x2af/0x5c0
[  893.666884][T11711]  notify_change+0x1990/0x1aa0
[  893.671928][T11711]  do_truncate+0x28f/0x310
[  893.676829][T11711]  do_ftruncate+0x698/0x730
[  893.681645][T11711]  __ia32_compat_sys_ftruncate+0x149/0x280
[  893.687898][T11711]  ia32_sys_call+0x3246/0x42c0
[  893.692903][T11711]  __do_fast_syscall_32+0xb0/0x150
[  893.698513][T11711]  do_fast_syscall_32+0x38/0x80
[  893.703645][T11711]  do_SYSENTER_32+0x1f/0x30
[  893.708696][T11711]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  893.715351][T11711] 
[  893.718192][T11711] CPU: 1 UID: 0 PID: 11711 Comm: syz.9.2038 Tainted: G        W           6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(undef) 
[  893.737478][T11711] Tainted: [W]=WARN
[  893.741477][T11711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  893.753231][T11711] =====================================================
[  893.760553][T11711] Disabling lock debugging due to kernel taint
[  893.767245][T11711] Kernel panic - not syncing: kmsan.panic set ...
[  893.773901][T11711] CPU: 1 UID: 0 PID: 11711 Comm: syz.9.2038 Tainted: G    B   W           6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(undef) 
[  893.787961][T11711] Tainted: [B]=BAD_PAGE, [W]=WARN
[  893.793147][T11711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  893.803430][T11711] Call Trace:
[  893.806863][T11711]  <TASK>
[  893.809957][T11711]  __dump_stack+0x26/0x30
[  893.814681][T11711]  dump_stack_lvl+0x53/0x270
[  893.819577][T11711]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  893.825794][T11711]  dump_stack+0x1e/0x25
[  893.830384][T11711]  panic+0x4bd/0xd50
[  893.834612][T11711]  kmsan_report+0x31c/0x320
[  893.839691][T11711]  ? __msan_warning+0x1b/0x30
[  893.844739][T11711]  ? __hfsplus_ext_cache_extent+0x7cb/0x990
[  893.850914][T11711]  ? hfsplus_file_extend+0x7b5/0x1df0
[  893.856637][T11711]  ? hfsplus_get_block+0xfc3/0x1a20
[  893.862108][T11711]  ? __block_write_begin_int+0xa76/0x3030
[  893.868134][T11711]  ? cont_write_begin+0x10e1/0x1bc0
[  893.873647][T11711]  ? hfsplus_write_begin+0x85/0x130
[  893.879163][T11711]  ? cont_write_begin+0x35a/0x1bc0
[  893.884584][T11711]  ? hfsplus_write_begin+0x85/0x130
[  893.890030][T11711]  ? generic_cont_expand_simple+0x162/0x390
[  893.896534][T11711]  ? hfsplus_setattr+0x2af/0x5c0
[  893.901768][T11711]  ? notify_change+0x1990/0x1aa0
[  893.906986][T11711]  ? do_truncate+0x28f/0x310
[  893.911960][T11711]  ? do_ftruncate+0x698/0x730
[  893.917008][T11711]  ? __ia32_compat_sys_ftruncate+0x149/0x280
[  893.923330][T11711]  ? ia32_sys_call+0x3246/0x42c0
[  893.928488][T11711]  ? __do_fast_syscall_32+0xb0/0x150
[  893.934028][T11711]  ? do_fast_syscall_32+0x38/0x80
[  893.939324][T11711]  ? do_SYSENTER_32+0x1f/0x30
[  893.944550][T11711]  ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  893.951450][T11711]  ? kmsan_get_metadata+0xfb/0x160
[  893.957329][T11711]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  893.963951][T11711]  ? kmsan_get_metadata+0xfb/0x160
[  893.969352][T11711]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  893.975592][T11711]  ? hfsplus_brec_find+0x216/0x9f0
[  893.981006][T11711]  ? __pfx_hfs_find_rec_by_key+0x10/0x10
[  893.986959][T11711]  ? __hfsplus_ext_write_extent+0x535/0x620
[  893.993213][T11711]  ? kmsan_get_metadata+0xfb/0x160
[  893.998640][T11711]  __msan_warning+0x1b/0x30
[  894.003415][T11711]  __hfsplus_ext_cache_extent+0x7cb/0x990
[  894.009455][T11711]  hfsplus_file_extend+0x7b5/0x1df0
[  894.014977][T11711]  hfsplus_get_block+0xfc3/0x1a20
[  894.020295][T11711]  ? kmsan_internal_set_shadow_origin+0x79/0x110
[  894.027042][T11711]  __block_write_begin_int+0xa76/0x3030
[  894.033014][T11711]  ? __pfx_hfsplus_get_block+0x10/0x10
[  894.038790][T11711]  cont_write_begin+0x10e1/0x1bc0
[  894.044061][T11711]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  894.050204][T11711]  ? kmsan_get_metadata+0xfb/0x160
[  894.055624][T11711]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  894.061789][T11711]  hfsplus_write_begin+0x85/0x130
[  894.067059][T11711]  ? __pfx_hfsplus_get_block+0x10/0x10
[  894.072798][T11711]  ? __pfx_hfsplus_write_begin+0x10/0x10
[  894.078780][T11711]  cont_write_begin+0x35a/0x1bc0
[  894.084030][T11711]  hfsplus_write_begin+0x85/0x130
[  894.089335][T11711]  ? __pfx_hfsplus_get_block+0x10/0x10
[  894.095089][T11711]  ? __pfx_hfsplus_write_begin+0x10/0x10
[  894.100977][T11711]  generic_cont_expand_simple+0x162/0x390
[  894.106961][T11711]  hfsplus_setattr+0x2af/0x5c0
[  894.111999][T11711]  ? __pfx_hfsplus_setattr+0x10/0x10
[  894.117541][T11711]  notify_change+0x1990/0x1aa0
[  894.122621][T11711]  do_truncate+0x28f/0x310
[  894.127505][T11711]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  894.133984][T11711]  do_ftruncate+0x698/0x730
[  894.138817][T11711]  __ia32_compat_sys_ftruncate+0x149/0x280
[  894.145075][T11711]  ia32_sys_call+0x3246/0x42c0
[  894.150283][T11711]  __do_fast_syscall_32+0xb0/0x150
[  894.155710][T11711]  ? irqentry_exit_to_user_mode+0x82/0xa0
[  894.161880][T11711]  do_fast_syscall_32+0x38/0x80
[  894.167016][T11711]  do_SYSENTER_32+0x1f/0x30
[  894.171786][T11711]  entry_SYSENTER_compat_after_hwframe+0x84/0x8e
[  894.178396][T11711] RIP: 0023:0xf704e539
[  894.182649][T11711] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
[  894.202720][T11711] RSP: 002b:00000000f503e55c EFLAGS: 00000206 ORIG_RAX: 000000000000005d
[  894.211438][T11711] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000000c17a
[  894.219736][T11711] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  894.227940][T11711] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
[  894.236418][T11711] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000
[  894.244786][T11711] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000
[  894.254068][T11711]  </TASK>
[  894.257719][T11711] Kernel Offset: disabled
[  894.262293][T11711] Rebooting in 86400 seconds..