last executing test programs:

7.251335941s ago: executing program 1 (id=12299):
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd39659d1900140600fe8000000000000000000000000000bbfe8000ae00004e220000000000000000000000005e30615249642dde5e2e4afac5829b7a9c3a060cd7818aed4c5e", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5002000090780000"], 0x0)

7.205338214s ago: executing program 1 (id=12301):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@index_on}]})
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)

6.084794541s ago: executing program 1 (id=12304):
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000400)={{r4}, &(0x7f0000000380), &(0x7f00000003c0)='%pK    \x00'}, 0x20)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
getsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f0000002300)=[{}], &(0x7f0000000080)=0x8)
bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x33}, 0x0, @in=@loopback}}, 0xe8)
sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x11, 0x0, 0x4, 0xc}, 0x48)

6.024847875s ago: executing program 0 (id=12306):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(r2)
ioctl$KDFONTOP_GET(r3, 0x4b72, &(0x7f0000000400)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0})

6.024398396s ago: executing program 0 (id=12307):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
getpid()
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@index_on}]})

6.023563696s ago: executing program 0 (id=12308):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x0, 0x6, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}], [], 0x2c})
linkat(0xffffffffffffffff, &(0x7f0000000180)='./file1\x00', 0xffffffffffffffff, &(0x7f00000001c0)='./file3\x00', 0x0)
openat(0xffffffffffffffff, &(0x7f0000000080)='./file3\x00', 0x0, 0x0)
r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0)
write$uinput_user_dev(r4, &(0x7f0000000200)={'syz0\x00', {0x0, 0x0, 0x0, 0x2}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b]}, 0x45c)

5.274027473s ago: executing program 1 (id=12310):
r0 = syz_mount_image$erofs(&(0x7f0000000040), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="00058639aa6f0bfbe4b28434ef119376977b00fffbcec7a5fc1f5a72d4fe24156a9f971990e4f372b7"], 0x0, 0x17d, &(0x7f0000001ac0)="$eJzsmLFP+kAUx7/vyg/yMy6uLg4SxcHSFjUuxLA5mogaNwlUghYx0EGYdPH/cHZwdvOPMM7qYFwY3Uxqej3oQQR10MT4PsPj+7h313evyXcoGIb5szw+vNyvFe+EAWASaaTU/89GXCO0+tfb83Jraj1/OfeUv041robPIwBB8PnnJwDcFAz4Kg+Cwd1p9VuE6OstCCwovQOCqfQeBLaVdkHYVfpA042w3jT3a55rlhteJRRWGOwwOGHIDffXPSNUtP5IW2+1O4clz3Ob3yg+ml+3IJDX+tPfV282ljY/GwK20jkQNpVeRao3m2gk2v2nE/H5xg/fnwULFr9NxP4UXBDmNX9KaP6R9evH2Va7s1irl6pu1T1ynNyKtWRZy05WGlEUx/jff+lPE9r5/0bUJimJk5LvN+0o9nMniu85rpD+J5CZjfLQ+5Mju4nWSe0jqTLGmHKGYRiGYRiGYRiGYRiGYZgvMAOSX0EldIo4GcDZkNVvAQAA///an3MA")
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=<r3=>r1, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000280))
r5 = open(&(0x7f0000000040)='./bus\x00', 0x145142, 0x0)
ftruncate(r5, 0x0)
sendfile(r5, r5, 0x0, 0x800000009)
mkdir(&(0x7f0000000680)='./bus/file0\x00', 0x20)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@default_permissions}]})
r6 = socket$tipc(0x1e, 0x2, 0x0)
r7 = socket$tipc(0x1e, 0x2, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000d00)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYRES16=r3, @ANYRES32=r8, @ANYRESHEX=r4], &(0x7f0000000200)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00'}, 0x10)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
sendmsg$tipc(r6, &(0x7f00000009c0)={&(0x7f00000002c0)=@name={0x1e, 0x2, 0x3, {{0x42, 0x4}, 0x2}}, 0x10, &(0x7f0000000940)=[{&(0x7f00000003c0)}, {&(0x7f0000000440)="5b2a817f2f1c938956cd743f4b23347426a22d95bc8d9edafe74bf37e886c3e899779a3e85c80e0130b37e641256a98914803d7c656b49838c16700638e26d631d60304c0993c808134d3cd01a6374dae9a5d06eac862faad9f4945228e0541fbfc4072d38804478d85fc91d5b8874d4f7fca752bee546c65bcbc7aa813b2efee605922b5e83e9eb9e24c6b689123f6952be47472a7361a0f65af626987359f448e9a88dbf0ce4312438c728b8a8d2e4d2b9af383c56e91585676d16cae8e0e3d6b735a17d2731b5", 0xc8}, {&(0x7f0000000600)="0f99ae6a0f230970df1fe51f1d5f78ec9b731af09d0a2ed00289b408c1020b2ce06184dd291d28b8af30abc6470057886f6fe14f2cd6ef5e35052758c8eff73f2789a7df92f818", 0x47}, {0x0}, {&(0x7f0000000580)="455edac49eb7ec869212e7e8cf9bef006d1ceae574def89cbe22d992020e", 0x1e}, {&(0x7f0000000700)="2a62613fdba92566ad1dcdfbca598a508863495ad92b00620a005236a08157b21844dc83362cadf4acc55dff689288fe8c8be04903510463b1cea954806fce1f7077", 0x42}, {&(0x7f0000000780)="da647ad44dd6180fe7b3948c819f4ac7f5b16f72b92ce5f125effc7b0e58eb7e423b0288f7bc0407700e853c526dedcc197dcecc0b31f4465aaa3c054ee94552e83625739bf40d421c46cde2197adb27095343c00ae087e8809bdac47627a2b131f22a701555361a481e2b3bba4ed4cf67965e68d4492ab2b9b8a40ee6d1a382be90a65ef89a7923d0aa66bb3960", 0x8e}, {&(0x7f0000000840)="95aec5e11dbff61480b7dfba2ad3a5ab234f9e7e77305bbb6f95df9d608dadb81d3a1076f93e78240480ab994f51be6285b22e2812747072221073776cf408e4bc72a27e37306fa4433020f610cf898404f4f65c29328bc0411bba457d5cc7af040cbeca20e5743d8985a6de4ac590c9acd02a5c50e5837f55d4b29bd6da30797988408bd6e857793971dcd4ab12ab67eb0c6698519f3ee56dd8a509cd64cfaf6774cab0af65d6ec42c734758fc3d6e19fe43ce3d61ad42a306172a6cc1177076bfb6d8335a2775140503ec1385ffa4569cb2f5c7dfa77868bcaaac700dbab7333fd575177da13436646", 0xea}], 0x8, &(0x7f0000000c00)="9a1767ede6d7442b7adf90a70244ecf9fc4aad88e685814259b6c8c2329c91b8bdf45747a262100888e9d55a88fa2193d368fea91bd055db17f32b8817c059fccf0f985f3064f66b4fa545fa7865491f66fbb00ed2a3f619c4adabdc423c9ccd33e9355e443e40d88a8457689d66fde1f463634b83a0f4fc08a906a0f67ee435494e4117f4a69abcd574aaa66f8b5328be2c87ceaabd5e5ee932c1803713dbb28356df27a50e86a142e2c9c1d5262e843eaccaf60cb8cff2219698861d818c03907da4143927b017f75febce5314be9214db4450b3e537568aa34aa1d9c8ee5aecdb823f49439b458a2be6ccd1dd0c0055acb5db845c416f2067", 0xfa, 0x20000084}, 0x20000080)
mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x20, &(0x7f0000000380)=ANY=[@ANYBLOB="740ff70200fb", @ANYRES8])
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000340)={0x42, 0x3, 0x3}, 0x10)
bind$tipc(r6, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x10000000}}, 0x10)
bind$tipc(r6, &(0x7f0000000080)=@name={0x1e, 0x2, 0x3, {{0x42, 0x1}}}, 0x10)
socket$tipc(0x1e, 0x2, 0x0)
signalfd4(r9, &(0x7f00000003c0)={[0x3]}, 0x8, 0x1800)
syz_usb_connect(0x5, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000e226f310490b4f06e8b9010203010902120001000000000904", @ANYRES64=r0, @ANYRES16=r4], 0x0)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x4, 0x3}, 0x1)
bind$tipc(r6, &(0x7f0000000280)=@id={0x1e, 0x3, 0x3, {0x4e23, 0x2}}, 0x10)
sendmsg$tipc(r6, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10, 0x0}, 0x0)

5.159229202s ago: executing program 0 (id=12313):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@index_on}]})
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)

5.05778311s ago: executing program 0 (id=12314):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r3=>0xffffffffffffffff})
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@index_on}]})
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)

4.766413863s ago: executing program 2 (id=12311):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd39659d1900140600fe8000000000000000000000000000bbfe8000ae00004e220000000000000000000000005e30615249642dde5e2e4afac5829b7a9c3a060cd7818aed4c5e", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5002000090780000"], 0x0)

4.751165544s ago: executing program 2 (id=12316):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000440)={{r0}, &(0x7f00000003c0), &(0x7f0000000400)}, 0x20)
pipe2$watch_queue(0x0, 0x80)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000380)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_gettime(0x0, &(0x7f0000000040))

4.381267762s ago: executing program 3 (id=12319):
r0 = syz_mount_image$erofs(&(0x7f0000000040), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB="00058639aa6f0bfbe4b28434ef119376977b00fffbcec7a5fc1f5a72d4fe24156a9f971990e4f372b7"], 0x0, 0x17d, &(0x7f0000001ac0)="$eJzsmLFP+kAUx7/vyg/yMy6uLg4SxcHSFjUuxLA5mogaNwlUghYx0EGYdPH/cHZwdvOPMM7qYFwY3Uxqej3oQQR10MT4PsPj+7h313evyXcoGIb5szw+vNyvFe+EAWASaaTU/89GXCO0+tfb83Jraj1/OfeUv041robPIwBB8PnnJwDcFAz4Kg+Cwd1p9VuE6OstCCwovQOCqfQeBLaVdkHYVfpA042w3jT3a55rlhteJRRWGOwwOGHIDffXPSNUtP5IW2+1O4clz3Ob3yg+ml+3IJDX+tPfV282ljY/GwK20jkQNpVeRao3m2gk2v2nE/H5xg/fnwULFr9NxP4UXBDmNX9KaP6R9evH2Va7s1irl6pu1T1ynNyKtWRZy05WGlEUx/jff+lPE9r5/0bUJimJk5LvN+0o9nMniu85rpD+J5CZjfLQ+5Mju4nWSe0jqTLGmHKGYRiGYRiGYRiGYRiGYZgvMAOSX0EldIo4GcDZkNVvAQAA///an3MA")
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000180)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=<r3=>r1, @ANYBLOB="0000000000000000b702000014000000b7030000010000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000280))
r5 = open(&(0x7f0000000040)='./bus\x00', 0x145142, 0x0)
sendfile(r5, r5, 0x0, 0x800000009)
mkdir(&(0x7f0000000680)='./bus/file0\x00', 0x20)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000200)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@default_permissions}]})
r6 = socket$tipc(0x1e, 0x2, 0x0)
r7 = socket$tipc(0x1e, 0x2, 0x0)
r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000d00)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x4}, 0x48)
r9 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYRES16=r3, @ANYRES32=r8, @ANYRESHEX=r4], &(0x7f0000000200)='GPL\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00'}, 0x10)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
sendmsg$tipc(r6, &(0x7f00000009c0)={&(0x7f00000002c0)=@name={0x1e, 0x2, 0x3, {{0x42, 0x4}, 0x2}}, 0x10, &(0x7f0000000940)=[{&(0x7f00000003c0)}, {&(0x7f0000000440)="5b2a817f2f1c938956cd743f4b23347426a22d95bc8d9edafe74bf37e886c3e899779a3e85c80e0130b37e641256a98914803d7c656b49838c16700638e26d631d60304c0993c808134d3cd01a6374dae9a5d06eac862faad9f4945228e0541fbfc4072d38804478d85fc91d5b8874d4f7fca752bee546c65bcbc7aa813b2efee605922b5e83e9eb9e24c6b689123f6952be47472a7361a0f65af626987359f448e9a88dbf0ce4312438c728b8a8d2e4d2b9af383c56e91585676d16cae8e0e3d6b735a17d2731b5", 0xc8}, {&(0x7f0000000600)="0f99ae6a0f230970df1fe51f1d5f78ec9b731af09d0a2ed00289b408c1020b2ce06184dd291d28b8af30abc6470057886f6fe14f2cd6ef5e35052758c8eff73f2789a7df92f818", 0x47}, {0x0}, {&(0x7f0000000580)="455edac49eb7ec869212e7e8cf9bef006d1ceae574def89cbe22d992020e", 0x1e}, {&(0x7f0000000700)="2a62613fdba92566ad1dcdfbca598a508863495ad92b00620a005236a08157b21844dc83362cadf4acc55dff689288fe8c8be04903510463b1cea954806fce1f7077", 0x42}, {&(0x7f0000000780)="da647ad44dd6180fe7b3948c819f4ac7f5b16f72b92ce5f125effc7b0e58eb7e423b0288f7bc0407700e853c526dedcc197dcecc0b31f4465aaa3c054ee94552e83625739bf40d421c46cde2197adb27095343c00ae087e8809bdac47627a2b131f22a701555361a481e2b3bba4ed4cf67965e68d4492ab2b9b8a40ee6d1a382be90a65ef89a7923d0aa66bb3960", 0x8e}, {&(0x7f0000000840)="95aec5e11dbff61480b7dfba2ad3a5ab234f9e7e77305bbb6f95df9d608dadb81d3a1076f93e78240480ab994f51be6285b22e2812747072221073776cf408e4bc72a27e37306fa4433020f610cf898404f4f65c29328bc0411bba457d5cc7af040cbeca20e5743d8985a6de4ac590c9acd02a5c50e5837f55d4b29bd6da30797988408bd6e857793971dcd4ab12ab67eb0c6698519f3ee56dd8a509cd64cfaf6774cab0af65d6ec42c734758fc3d6e19fe43ce3d61ad42a306172a6cc1177076bfb6d8335a2775140503ec1385ffa4569cb2f5c7dfa77868bcaaac700dbab7333fd575177da13436646", 0xea}], 0x8, &(0x7f0000000c00)="9a1767ede6d7442b7adf90a70244ecf9fc4aad88e685814259b6c8c2329c91b8bdf45747a262100888e9d55a88fa2193d368fea91bd055db17f32b8817c059fccf0f985f3064f66b4fa545fa7865491f66fbb00ed2a3f619c4adabdc423c9ccd33e9355e443e40d88a8457689d66fde1f463634b83a0f4fc08a906a0f67ee435494e4117f4a69abcd574aaa66f8b5328be2c87ceaabd5e5ee932c1803713dbb28356df27a50e86a142e2c9c1d5262e843eaccaf60cb8cff2219698861d818c03907da4143927b017f75febce5314be9214db4450b3e537568aa34aa1d9c8ee5aecdb823f49439b458a2be6ccd1dd0c0055acb5db845c416f2067", 0xfa, 0x20000084}, 0x20000080)
mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
mount$9p_fd(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x20, &(0x7f0000000380)=ANY=[@ANYBLOB="740ff70200fb", @ANYRES8])
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000340)={0x42, 0x3, 0x3}, 0x10)
bind$tipc(r6, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x10000000}}, 0x10)
bind$tipc(r6, &(0x7f0000000080)=@name={0x1e, 0x2, 0x3, {{0x42, 0x1}}}, 0x10)
socket$tipc(0x1e, 0x2, 0x0)
signalfd4(r9, &(0x7f00000003c0)={[0x3]}, 0x8, 0x1800)
syz_usb_connect(0x5, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000e226f310490b4f06e8b9010203010902120001000000000904", @ANYRES64=r0, @ANYRES16=r4], 0x0)
setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x4, 0x3}, 0x1)
bind$tipc(r6, &(0x7f0000000280)=@id={0x1e, 0x3, 0x3, {0x4e23, 0x2}}, 0x10)
sendmsg$tipc(r6, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x2, 0x4}}, 0x10, 0x0}, 0x0)

4.232214584s ago: executing program 0 (id=12321):
pread64(0xffffffffffffffff, &(0x7f0000001500)=""/4075, 0xfeb, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x0, 0x8, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000004000000"], &(0x7f0000000180)='GPL\x00', 0x4, 0x8f, &(0x7f00000002c0)=""/143}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000380)='sched_switch\x00', r4}, 0x10)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000006c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x200}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000000c0)=0xf)
ioctl$TCFLSH(r5, 0x400455c8, 0x4)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000240)={r0, 0x20, &(0x7f0000000200)={&(0x7f0000000040)=""/26, 0x1a, 0x0, &(0x7f0000000300)=""/232, 0xe8}}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00'}, 0x10)
write$selinux_access(0xffffffffffffffff, &(0x7f00000008c0)=ANY=[@ANYBLOB='system_u:object_r:ptch0 unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 0'], 0x67)

3.804465597s ago: executing program 2 (id=12322):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0)
r5 = socket$inet_udp(0x2, 0x2, 0x0)
socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
getsockopt$CAN_RAW_FILTER(0xffffffffffffffff, 0x65, 0x1, &(0x7f0000002300)=[{}], &(0x7f0000000080)=0x8)
bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10)
connect$inet(r5, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x33}, 0x0, @in=@loopback, 0x0, 0x0, 0x0, 0xb7}}, 0xe8)
sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x11, 0x4, 0x4, 0xc}, 0x48)

3.184645344s ago: executing program 1 (id=12324):
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

3.099797001s ago: executing program 1 (id=12325):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001440)={0x24, 0x0, 0x0, &(0x7f00000013c0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001840)={0x24, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000300)={0x24, 0x0, &(0x7f0000000340)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f00000000c0))
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
mount$incfs(&(0x7f0000000040)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000340), 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0003"], 0x0, 0x0}, 0x0)

3.043507845s ago: executing program 2 (id=12326):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x458, 0x5011, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0xff, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, 0x0, &(0x7f0000000340)='syzkaller\x00'}, 0x90)
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100))
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r3 = dup3(r2, r1, 0x0)
r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000300)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000380)={0x4c, 0x0, &(0x7f0000000740)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f00000001c0)={@flat=@weak_handle, @flat=@weak_binder, @flat=@weak_handle}, &(0x7f0000000240)={0x0, 0x18, 0x84}}, 0x1000}], 0x0, 0x0, 0x0})
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000580)={0x0, 0x22, 0x7, {[@main=@item_4={0x3, 0x0, 0xa, "f92242a8"}, @global=@item_012={0x1, 0x1, 0x4, 'O'}]}}, 0x0}, 0x0)

2.534058524s ago: executing program 3 (id=12328):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
syz_emit_ethernet(0x4a, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd39659d1900140600fe8000000000000000000000000000bbfe8000ae00004e220000000000000000000000005e30615249642dde5e2e4afac5829b7a9c3a060cd7818aed4c5e", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5002000090780000"], 0x0)

2.491513808s ago: executing program 3 (id=12329):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000400)={{r3}, &(0x7f0000000380), &(0x7f00000003c0)='%pK    \x00'}, 0x20)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r4, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r5}, 0x10)
connect$inet(r4, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@dev, 0x0, 0x33}, 0x0, @in=@loopback}}, 0xe8)
sendmmsg(r4, &(0x7f0000007fc0), 0x800001d, 0x0)

1.673100531s ago: executing program 3 (id=12333):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
sendmsg$IEEE802154_LIST_IFACE(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000700)={&(0x7f00000007c0)={0x44, 0x0, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x480c0}, 0x40)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x0, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000200000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000480)={0x114, 0x19, 0x1, 0x0, 0x0, "", [@nested={0x101, 0x0, 0x0, 0x1, [@typed={0x4, 0x2}, @generic="8ea8c9f569f0c669cd89bf5666985aa5f036cc846107511e43877c242ccabdcabf1148a438902657109cbb075eb345071a2cafa184f780fc8a8c779791704cb3c22f57b9b202a115b2e6c40d474be97a04a82ca1f4a10c998ccce288183825f09f6fe6b6c95c0d98549bde0a1b53e401a671200e17b4ceff93269a162eda690ac7e9165ab8c7edce9b325bae604b713f4fb0cccb791a951d2c4c872f21e1ac42ca29d8311d23bb837a3a2e8b6246ba4fe7d9beed08387487", @generic="aff1da722698a219bdf24eda30a3482ec92ba72c2d6184abc641f4142bfe3a1552d66d3cb7a05376cb630dcc566c68ea4a87c32cd023f722327257d7482cbb4896"]}]}, 0x114}], 0x1}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@metacopy_on}], [], 0x2c})
r7 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
linkat(r7, &(0x7f0000000180)='./file1\x00', r7, &(0x7f00000001c0)='./file3\x00', 0x0)
openat(r7, &(0x7f0000000080)='./file3\x00', 0x0, 0x0)
r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0)
write$uinput_user_dev(r8, &(0x7f0000000200)={'syz0\x00', {0x0, 0x0, 0x0, 0x2}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b]}, 0x45c)

1.024540831s ago: executing program 4 (id=12334):
r0 = signalfd(0xffffffffffffffff, &(0x7f00000001c0), 0x8)
mkdir(&(0x7f0000000140)='./control\x00', 0x0)
close(r0)
r1 = inotify_init1(0x0)
fcntl$setstatus(r0, 0x4, 0x2c00)
r2 = gettid()
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r3}, &(0x7f0000000180), &(0x7f00000004c0)=r4}, 0x20)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r5}, 0x10)
syz_emit_ethernet(0x8a, &(0x7f00000005c0)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd608a96460054060000000000000000000000000000000000fe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5007000090780000080a00000000000000091312ca0c734891a263a2ef1df715fb24b05e4e10200000000000000000000000000013122bdd4b74a1f6aa675459bc4d77085aa800007bfcfdfb2e51412f4bf2bf4a96f3bad6f91ed43c56a0eed58e4d1e53e025db934c2dc513327f842703dfbe80265223dc7f85d6ad53fe4863873c655f680864f6965a525a18003fd7a51fe2471d5acce350f1ff94f8a11a60caee556c475407b9c3731137ffc3e884e2f4eb350be25df7054f0238a914ca8bffef138f9e863b0b4b7b16ebe4b7efe2bbcbd61ced08c028"], 0x0)
fcntl$setown(r0, 0x8, r2)
rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8)
rt_sigtimedwait(&(0x7f0000000040)={[0xffffffffffff7ff8]}, 0x0, 0x0, 0x8)
inotify_add_watch(r1, &(0x7f0000000180)='./control\x00', 0xa4000960)
rmdir(&(0x7f0000000100)='./control\x00')

1.010251662s ago: executing program 4 (id=12335):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000bf080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000030000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff})
close(r0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(r0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000c80)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r2, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10)
pipe2(&(0x7f0000000000)={0x0, <r4=>0x0}, 0x0)
r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r5, &(0x7f0000000140)={0x1f, 0xffff}, 0x6)
close_range(r4, 0xffffffffffffffff, 0x0)

1.001909582s ago: executing program 4 (id=12336):
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@bloom_filter={0x1e, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r3, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})

987.458334ms ago: executing program 4 (id=12337):
openat$incfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(0xffffffffffffffff)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000c00)='net_dev_start_xmit\x00', r2}, 0x10)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001300)={&(0x7f0000000c00)='net_dev_start_xmit\x00', r1}, 0x10)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000017c0)=ANY=[@ANYBLOB="b702000009000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2e6405000000000065060400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000002c3f2cc2b7956244cef7baf48e6d2885a09a87507ebfc75b5b0f4e4309ebcdac5f7a860c008cbdd3b4c3b7f28754860c9c781f6410457253e89ad528d985636a86ec0f68f59cd1159a2c2e85d726859a919cc9548a349980d1ccdce27f94bc074c27f81078545c146a0857153b7b8f00034debae58a4ab415b0d7ff0575cc272cd3d7e8d974927676468ff2d86e0ffac94792ed9cf6b40b3cf252a47c05ae8a70d57cc3e067d1867b54d24e20000000000000020009ebf84d3b042d6e432cd080e3b57239f0127473e6ba922aff649609d40b47ec331ccba3cf96f9483ff19a6471bf5abc742d9cbcfb964b11b31034694a6aad86cf08a6c7b2235dc99de9aa3e6b77c7a2877261ed32da90864987f30926c9013eec3b86836ae50447aa5a79f40c235000000453302712c3d8fc4e2b61adb0695e800000000d4f4e91f0000002c33df424d1bafe5725c8a404724f8a4f1cda7997b65954f74097579b91da309b887af2485c2d9ab09b506000000000000000bf7b2ff4602aec1eea200000064881c5630521a08e051374cf05c921a06fb7818000000009dc8d95e0e5b365d10e1004dae58b3b5b89709b0ff47b200000000004000cbef88811dc8c1b27ac7d9a6bb70f60eb9c01dd2fc79b85e4d961498f3a80131d21d856177a2189f45d011ef1da5c6d57bb8fd387ccea9c3899a914e47e82f040000009d81003f927355408f87264797d3fa970949793b94329d580500d1f91c0d22587e05a61e3d8576ca168e88d7a9af95b04a37c27bfffab9abbb31fa8c0080258cfa6d3f166e695f3c56490aeef464d9965d70a50f1282619344f223548e75fa39643adac1322c87ca253ff2fb1882760d6feab16bacdf83c11816dbe959ebc5ec479c8319f73e2249eab0486b110702a481d3b51976a52303056e800b4ae5acc2df636a65eb1d672bf2000000cda8462cc9b16624998be65683321e970000000009b8e20762c1bf4a3eb6769f2b23e842bacd9c685edea0ffa3e975424f8ede49e61a4de808a38ba3512d64dc71867df4eee3f1ff791cf7c9862f98b45852e4b2f78721b978a2df2f2a29a387c6f0576b36038f819286eca99a6a434811cf2a117d775fe986a49fb82cf5f15972d5ab18f1045384501adabb20f7b0e15ff47f1744e2341b59034959a1289ba6e243668e6735305707e3de7652bfc5b60c76deff43a1d6fd6a4180ab723735abbeffe7f2ec3a0bb86f9eddfc0f3d1d503d7a54b49e1ae6c5aa620d27e91aa0aa0ed6fcacfc91fbb4c256409e54daefbb107c381fa729ff5f3907d93430da178d685d7730f5e129438a5214f722096d29863301b0b811f69145d3fbd78a9059e454474f92e65828b018174a9f4738b8c71fbdeac26ab95e02f9a847182766964976b1fccdb9f35721e43e33883cf16ed1343fb7429eb395123b0a4262b7023c22039b9002589a378ed4c6267965af78b861bd025312538cec97966b8973d4e299d9802264d06e40ae118e1d242d1128dcedeb44030df12ef68f78215d65f96eb55db8cbcb060008000d988374f85451a694ffe38a1d03916ff1eec72b31c98d42e1a1bda1290de1a499a5a385b31112a48ba3e6d6849914c1788a7aca37177cc341fff44fec5c5e0abae01c439a1b0311e074e81ae9993b5b3459553e4ece78d4c1501c70f5d81e0725d5b273755c0000000000000000aa4234ff82182952a76233d18e7d49638aeb04e7a9e9e7eafb7c255372795d2d192a0a33cab0f5bf2e93e0544fcdf2df2bc6ce96e5a11993d54f97a23754ac828674dbb93c0ad345715be4a13678b01edf76d8a923655800a2c88cce004505ab45d8f5f88aa887bbce5c18970428516f6099bdbb2cd7a2356397f1a0a23e662e2a6c4834400cbaa41c3c574e6e6aefb7a68da5ec1ae49f968bbe0e0bf9878516f553639f5b4828e92019b61f5874be1c7cdd9482df50bc24a8a1fa10d291390eb84e26a2e8dbeaa45604b05a116c1210a7540bf81005044273f5a8ffc538db289350eb248e483bd8920efcf30a798c2b636243e0a37262ca47dfeefa753ba528f7ba77e825051ce69b4475d7d714ba0c636e6ae9f710411d30ef424aeaabe057c7df6ff8f767bcd9012e1047c686f5ccb76ab3a5df53cbc22ba7ea8f6a8e220bb4d83de1e4dc19d6c1be841503850803bc2c2d5e0e34270a7f1cca0c6c53a8e5f891f7a793a70da62d6d88fbb90d220acc687931b42d6be83ab870da3c0a567f5e65ec0457f4ad2a4ec0b671b36388afd5520a8483a4b11f7d02a41b315f0f9e59f47668d68a74838d6976e12fd45200014041dffacbf60892ec8bd7560686f137a806d3dfaba900b47cac62f828342fff009adb5b2251461a1b9d6ba625b8fe04e69a1a4be2696f0000000086e172932e03000000000000005942e1b9d6dc28ab8e19e1111dd893e801015642faf21eef40d6e7de3ef62c4bc5ff17e7aeb2841098f845d1cc9ec4eee79c298fb0ba939b13707044e2e9cc0d350438c1c8c6bb9a38c6ac5ca0d9cf1f3d6915f25cb26edfc28b3079b97df32601240e454db103fb0c4a14c16837394d2b3673a3f160d3a7b83ecd0509ce9eba0c7bf7843799b1b56a234f9eaab8a3f14f1472bb6aaeb8ac9ee4054605558ab31f339f6a4caf2ee2fd01f34dca3300000000000000000000000000000000f59f8e6e00000000c44130098d833a24000000000095e6f945ba9a941cef5e70b8c152321e24b5b29bcf374dcf5a29a35d76e6e2bf8df95462690a4fc9ec8129e92b6ebb4b40a992a75d3c5954d0bfc87db24d856359079b29b3c374d081c300b2cfaa596d24e800ef8e2201f2fb7a9946f89f9f31f7cbd603fd7f8898c70b5c65f2e28f22e1a79a6af3a54861b07f124642e98389557affbdede09b5566a4a1ee73b20846810030a754acddcdafe3ceeeebc0b5f2fedfe7d198e3067f3dbac9441a9ab8409cbbb7e15b9ae3944097de34de2001c8533a3766e6e4c4c4702ccb932a27a3962814cd6aa8fc684beeaa3932efae3a9052be8eec1e95f6ad8d41dd34829503ba4b66e27154cb6e34aa13450522df1723130b6fb9bec59ae347c93f00e40e293c98d849a33f773c743728992f40faccd5c23130a1c6bfd6fc661bca1598137ddd1090ded672f5a48a40cab3f640c8241a364cbde0f188eec7da7bccafbd5bf28a46f0eecc6b550471b0b0770c6a5a411c0e0b19e15a461e7c6833ba936e214b013f2819ec6572a43b5cd32b11d7e4f8dcf8f7820a17b7b2ee6178a03351dd25091e46bfd82a3979b9cad109fd6217cd52aa81bdabd50826a674bd16b8f7e6aed12a305366599f5f029a7b24558c02750500002f1c19d16a6f391906000000cc0bbbfb8c698ecc137d96711100e0108d3bd2afed0b279ebf0527552a9331e646c424b14ffbb815622bfd2f635855bed1b164d0a56bd104be069854111c5b26ec3c652b5f0a6b9676dae987ec23456ba05a4dfb15321ef6b76e7e547a688c67ab531cfc784c9f940d9fb0464a6cce635e14b80dc5c1c64e75e6bd5355d84f8df272f18f58c570e7afd83ee77f157c146aa747b728969aeb4aba1d8f9de14275bf4a53e95235ae13768ab3fb8ab6ea50e884c2ea98e6400bf0c5ae2887cd1da0e57ccfdf5eca2b455247efcc13102846c0a85f20c80007c0ce6efce627b95b8ad3003385de97101678fb2163ecea6e70a77a6fbc089e31a5ccece932229b8f79faa6863d6857c3d9a9710f9f8ad16eeb8342278f311cbc226498028234d21466892983378fe64acbb44f694cd78e43c74aa75505cb1c91b189f8f89f233a05f5cd4e173a373178557843dd705268f74a9e5429945503195aefd6706b584d8408c9652b3fe68500747f7ee8375fa559c3ad195d3795df1a8364cd13acc3256ee4634c73eeb6954d0fcf09ab84df0b8900e0c6fea2ccb600ae7a4b128cae19df160e7c207b89132d1d5bdc9ffc79f0549b82df521817651d5fead5128205b92ccdccc69407ab556217af277af911dbd456dfc43dd061b6c91485dcc208cf0b3d0bf851de413f5de5ec015e296914afab6411109355e027ce04990d9aae251b9deb11b7db45b9f15b7b55d8fdbedd9e6cf891205694f02be8b9ea8ecd41308a0e1b93ae3435bfa88b440b1f701b4d0fc49c82193f27f8023b630ea97edbf3bf421a0a1a2b4ac7bb30bcd1cdd172c0df37408fd6827bb03e8742fc1c7a2befd1299928c5f79e846a8dc7ca648d960a759e6711b69776896a9656d59af6d44bc5348229fa84ae78af8421a22c4b4c17a3d24a4a0104000000000000d77cc4eef51c2b417c8c7458ddd7dd9d1a863bf0a9e1a30a19020490038017a5c7e474c83302a2c2b5c976dacf3dda7191c757f208000000000000005f7ed983f65723fbb36b9b51abb0dbcd33570000000000000000251aa4f139d0485ffcf89f01639fd1579a3802f720a0215c720a97071f5065a23642a58275dbca444b00e2e5835185d5d5b2796eb0fe32cf3b0633f58ecc7648c3c6efe82f93a3008052416512eea30ea9472e0b456a652883c0907323cf03be193ad0438cdef7a98a1671a1918df310dc4bfd61c3db4819ab1c57b348a8ff1ed36364a20fe846f11d045de81f069bac8425b31c5d08b433562ffb318c1285011f9b78b2401989384311101e452f54661ecdb2514a6ae50dbdd422de0f0f8c670000000000390be79688f80c4c314cb1b14afcaa5d23f9032e0ec51f45f447d6a7c798fcf7e60e2180e289410801e4f03a0e140f388f25b92da1025d8409e171a2336ed71cca86eb4658fe06df286e0e20276b0618eeffd05774f15686cd9d3182ca2fec863875f305fed6baf48a594db12582a38cfdffffffffffffff0cf8d920517835fe7d09cfcb624f6931f1cc6f6b71f58de9ddc38e0c43992f6bc57a718d0cfd197b5324b4e05ef1caa96db3ae1f2f2e5791faba2ebbe1a6faf21f2748fb1fb6743c3ca8af4e6b02518c9b7fdc1b5721eb1c3ed98db25536f74ac7861afc94544e52dcb5c60460a05802e3b437ac977bfa26b887a2443e8d559c58187f004eb82b07937df6e96f77ed551926bec4e0188fae10a35d1c5f1768ac6be829be1827f9df303160df18597efba46f1babc3d74adc31ca71bdab9079e4288881b434484eadde9da6b81802842abd462d546c59d87acc014f81d3414759bda12d2a2c6bc1bfa807bd3101eb227184a61107b6d0618e2a3b842671e084ac3f0ff94dc48b51601247318ab4d1c5106458000000000008000000000000cfee0107e6c2fe8639d926829fdbbd86bf591a8c3c235d8939af9d923f648165881a6c29997234406200b3b1c321cc158dbe17123eace3000000000000000000000000000000000000796de6ae4ae40bdf9a6e8c5dc29562262af9cd54e8e3ecc7e3c8cba0ecc791683496c4e5c1a5729714d9f9031f49b400cd2667b4ea6df54809615a4f973f93e6ccec72f16ff998e29ed99df733680a9d5cea57f99cc139b6ea9014f3000000000000000000000000000000000000feeab45a4046a622b0dceb413e4e39b7317e92cbed46b41ab5115bfb542c933783d750852dfdc6656aaf15e10615a88821f2f1bc53969b52d6852755e7681ad5beda80b38ccd34116b99f50b4fdd967b3f20f260455412b675639a26c76840cce40e323bde9d673fceda0ad6981565c8a183d928903b4f4472dde41b6dcd75314c31e704dfcb222c8359fe88944f852242270c932abfaeece0843d708f5cd25b2a63ae1e79723c1c3c013836b47da0a35d0f34c0705caae54024cf8ade6396ff44482284f415e5769d9ae8688a8d5516690aae9ce1c785262734723519b042a161e6efabf263a46ba92254a51ff6502470f3038cf6d8d991931cfd82ea97e1b596133e7754908d912d1054d174f5a731c019f152a5ca2e48599b6d563bfcd8c0950f4292769217a6e309452b14e64ae64ad58ced33582a1b3d2e0c300059fb1ee78cdddb827293de267d64bf47c3c8c419683c948e46de8cea0b232da00ff39ebef3b73b3d6fbeecd3f9ff06b7e08ed8ce2b9b9cf2e08975f5959fa7028f68c525ab173c0c553d21bd1e9176abdf799e7a08d2f3c14e1ca99d525bc3af0ca0f48f145c65b10dfc67803aab67f6b631d3d7e237fec4bc6eacc364b7cdd925973705d40c5a614e354d9b92357845d15ea41ad3e3a98396131f835e17f0cbfbdc59453991e689f9ce19bd4a3b4121e5a8b5dbb519b5556cb70603ceac0b7ca02cb05a01afa3164ca428add947673cdba49a0e6e8aeeddf52c0f0ef224c69a3c96c2fddf56d74c4ae7"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r3, 0x20e, 0xe40, 0xfd000004, &(0x7f00000004c0)="b9180bb76003070c009e40f086dd1fff290000003b0020010010ac14142ee0080001c699da153f0ae0e6e380f60115f683317585d7472ce0ab4439f0f570ff155bc5f73ba3f8bb99a6e8ded1ce485cf058105cd981b42493481cd659416a2e10c9119664f36eb00b333c20c9ec0c222d644bdcb178c1cc53d6960fbb842d6a33dfcde3a1e1848135214baf139753866cadcbe3ce52505e992818cc452bee339d9ab076f484020eaa348a21d7911e4c44905256ec2cc54cca47a198b00c10aff62a4bed43a2ebcad92743fb22c593f28fd4bb7c703cde9cae0569d4c8d9a823f2c12863f7a6c0cf88ed22aae4f6f084508833b61429a25773eedf63dd9f33d430f2a0a30a7761db16fe0f743b95ded898c28aac1256ce2751b3d738899b8b19d9052b7f13ff94", 0x0, 0x31, 0x6000000000000000, 0xfffffffffffffe7e, 0x1d4}, 0x28)

958.901586ms ago: executing program 4 (id=12338):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x256c, 0x6d, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001440)={0x24, 0x0, 0x0, &(0x7f00000013c0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000001840)={0x24, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0003040000000403"], 0x0, 0x0}, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000300)={0x24, 0x0, &(0x7f0000000340)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f00000000c0))
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
mkdir(&(0x7f0000000080)='./file0\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000000)={0x24, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0003"], 0x0, 0x0}, 0x0)

850.792424ms ago: executing program 3 (id=12339):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r3, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
sendmsg$IEEE802154_LIST_IFACE(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000700)={&(0x7f00000007c0)={0x44, 0x0, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x480c0}, 0x40)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x0, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000200000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$netlink(r6, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000480)={0x10c, 0x19, 0x1, 0x0, 0x0, "", [@nested={0xf9, 0x0, 0x0, 0x1, [@typed={0x4, 0x2}, @generic="8ea8c9f569f0c669cd89bf5666985aa5f036cc846107511e43877c242ccabdcabf1148a438902657109cbb075eb345071a2cafa184f780fc8a8c779791704cb3c22f57b9b202a115b2e6c40d474be97a04a82ca1f4a10c998ccce288183825f09f6fe6b6c95c0d98549bde0a1b53e401a671200e17b4ceff93269a162eda690ac7e9165ab8c7edce9b325bae604b713f4fb0cccb791a951d2c4c872f21e1ac42ca29d8311d23bb837a3a2e8b6246ba4fe7d9beed08387487", @generic="aff1da722698a219bdf24eda30a3482ec92ba72c2d6184abc641f4142bfe3a1552d66d3cb7a05376cb630dcc566c68ea4a87c32cd023f72232"]}]}, 0x10c}], 0x1}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@metacopy_on}], [], 0x2c})
r7 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
linkat(r7, &(0x7f0000000180)='./file1\x00', r7, &(0x7f00000001c0)='./file3\x00', 0x0)
openat(r7, &(0x7f0000000080)='./file3\x00', 0x0, 0x0)
r8 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0)
write$uinput_user_dev(r8, &(0x7f0000000200)={'syz0\x00', {0x0, 0x0, 0x0, 0x2}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b]}, 0x45c)

572.438676ms ago: executing program 2 (id=12340):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@index_on}]})
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)

433.935837ms ago: executing program 2 (id=12341):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000d8ffffffb703000008000000b70400000000925e850000000800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
sendmsg$IEEE802154_LIST_IFACE(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000700)={&(0x7f00000007c0)={0x44, 0x0, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan3\x00'}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x480c0}, 0x40)
r4 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x0, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="180000000000000000000000020000001811", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b7000000000000009500000000000000"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@metacopy_on}], [], 0x2c})
r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0)
linkat(r6, &(0x7f0000000180)='./file1\x00', r6, &(0x7f00000001c0)='./file3\x00', 0x0)
openat(r6, &(0x7f0000000080)='./file3\x00', 0x0, 0x0)
r7 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180), 0x802, 0x0)
write$uinput_user_dev(r7, &(0x7f0000000200)={'syz0\x00', {0x0, 0x0, 0x0, 0x2}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8b]}, 0x45c)

330.247434ms ago: executing program 4 (id=12342):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r3 = dup(r2)
ioctl$KDFONTOP_GET(r3, 0x4b72, &(0x7f0000000400)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0})

0s ago: executing program 3 (id=12343):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b", @ANYRES32], 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00'}, 0x80)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

 tx timeout
[ 1720.288858][ T5940] Bluetooth: hci0: sending frame failed (-49)
[ 1720.295146][T17771] Bluetooth: hci2: Frame reassembly failed (-84)
[ 1720.939803][ T9776] EXT4-fs (loop1): Ignoring removed orlov option
[ 1720.946109][ T9776] EXT4-fs (loop1): Test dummy encryption mode enabled
[ 1720.953304][ T9776] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a014e09c, mo2=0002]
[ 1720.961134][ T9776] System zones: 1-12
[ 1720.965365][ T9776] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.11787: casefold flag without casefold feature
[ 1720.978075][ T9776] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz.1.11787: missing EA_INODE flag
[ 1720.989954][ T9776] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.11787: error while reading EA inode 12 err=-117
[ 1721.002252][ T9776] EXT4-fs (loop1): 1 orphan inode deleted
[ 1721.007935][ T9776] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,minixdf,max_dir_size_kb=0x0000000000009c7c,debug,grpquota,errors=continue,test_dummy_encryption,auto_da_alloc,nodiscard,,errors=continue
[ 1721.032153][ T9776] fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
[ 1721.061512][ T9776] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31302 sclass=netlink_route_socket pid=9776 comm=syz.1.11787
[ 1721.862132][T22814] Bluetooth: hci1: command 0x1001 tx timeout
[ 1721.868039][ T5940] Bluetooth: hci1: sending frame failed (-49)
[ 1722.252591][T22814] Bluetooth: hci0: command 0x1001 tx timeout
[ 1722.275611][T22814] Bluetooth: hci2: command 0x1003 tx timeout
[ 1722.275644][ T5940] Bluetooth: hci0: sending frame failed (-49)
[ 1722.282030][  T606] Bluetooth: hci2: sending frame failed (-49)
[ 1722.475031][ T9816] overlayfs: failed to resolve './file0': -2
[ 1722.789170][ T9818] EXT4-fs (loop1): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 1722.806370][ T9818] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,noauto_da_alloc,jqfmt=vfsold,bsdgroups,resuid=0x0000000000000000,dioread_nolock,usrjquota=,discard,jqfmt=vfsv1,,errors=continue
[ 1723.471768][T24109] usb 4-1: new high-speed USB device number 115 using dummy_hcd
[ 1723.710166][T24109] usb 4-1: Using ep0 maxpacket: 32
[ 1723.834105][T24109] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1723.845084][T24109] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1723.854876][T24109] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[ 1723.863877][T24109] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1723.876757][T24109] usb 4-1: config 0 descriptor??
[ 1723.881572][   T15] Bluetooth: hci1: command 0x1009 tx timeout
[ 1724.224597][T18127] Bluetooth: hci0: command 0x1009 tx timeout
[ 1724.233827][T10445] Bluetooth: hci2: command 0x1001 tx timeout
[ 1724.239756][ T9807] Bluetooth: hci2: sending frame failed (-49)
[ 1724.561816][   T24] kauditd_printk_skb: 29 callbacks suppressed
[ 1724.561828][   T24] audit: type=1326 audit(1719945757.225:7553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9839 comm="syz.1.11805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff57d8dff19 code=0x7ffc0000
[ 1724.591147][T24109] usbhid 4-1:0.0: can't add hid device: -71
[ 1724.591221][T24109] usbhid: probe of 4-1:0.0 failed with error -71
[ 1724.597357][   T24] audit: type=1326 audit(1719945757.225:7554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9839 comm="syz.1.11805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff57d8dff19 code=0x7ffc0000
[ 1724.604063][T24109] usb 4-1: USB disconnect, device number 115
[ 1724.630693][   T24] audit: type=1326 audit(1719945757.225:7555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9839 comm="syz.1.11805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7ff57d8dff19 code=0x7ffc0000
[ 1724.656650][   T24] audit: type=1326 audit(1719945757.225:7556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9839 comm="syz.1.11805" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff57d8dff19 code=0x7ffc0000
[ 1725.059589][   T24] audit: type=1400 audit(1719945757.740:7557): avc:  denied  { accept } for  pid=9845 comm="syz.3.11807" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1725.154357][ T9852] syz.3.11809[9852] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1725.154412][ T9852] syz.3.11809[9852] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1726.205759][ T2808] Bluetooth: hci2: command 0x1009 tx timeout
[ 1727.055138][ T9892] overlayfs: failed to resolve './file0': -2
[ 1727.306988][ T9902] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1727.313875][ T9902] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1727.324127][ T9902] device bridge_slave_0 entered promiscuous mode
[ 1727.334851][ T9902] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1727.342527][ T9902] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1727.352418][ T9902] device bridge_slave_1 entered promiscuous mode
[ 1727.554898][ T9902] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1727.561758][ T9902] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1727.568851][ T9902] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1727.575618][ T9902] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1727.593611][T24109] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1727.600910][T24109] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1727.608532][T24109] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1727.619618][T24109] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1727.627657][T24109] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1727.634493][T24109] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1727.642464][ T2808] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1727.650534][ T2808] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1727.657383][ T2808] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1727.670919][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1727.680179][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1727.692303][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1727.704459][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1727.731699][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1727.738929][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1727.754144][ T9902] device veth0_vlan entered promiscuous mode
[ 1727.768938][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1727.787115][ T9902] device veth1_macvtap entered promiscuous mode
[ 1727.802800][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1727.828956][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1727.841165][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1727.878943][ T9911] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1727.892376][ T9911] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1727.899641][ T9911] device bridge_slave_0 entered promiscuous mode
[ 1727.906896][ T9911] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1727.913946][ T9911] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1727.921293][ T9911] device bridge_slave_1 entered promiscuous mode
[ 1727.969667][ T9911] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1727.976510][ T9911] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1727.983598][ T9911] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1727.990385][ T9911] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1728.040875][ T2808] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1728.052061][ T2808] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1728.083697][ T2808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1728.112384][ T2808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1728.137700][T26424] device bridge_slave_1 left promiscuous mode
[ 1728.148900][T26424] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1728.162979][T26424] device bridge_slave_0 left promiscuous mode
[ 1728.174392][T26424] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1728.187935][T26424] device veth1_macvtap left promiscuous mode
[ 1728.198076][T26424] device veth0_vlan left promiscuous mode
[ 1728.566770][ T2808] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1728.574835][ T2808] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1728.581676][ T2808] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1728.589753][ T2808] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1728.598557][ T2808] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1728.605383][ T2808] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1728.613123][ T2808] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1728.621326][ T2808] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1728.648827][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1728.667444][ T2808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1728.676336][ T2808] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1728.683853][ T2808] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1728.691949][ T9911] device veth0_vlan entered promiscuous mode
[ 1728.706326][ T9911] device veth1_macvtap entered promiscuous mode
[ 1728.713611][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1728.726610][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1728.745873][T10449] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1729.133286][ T9948] overlayfs: failed to resolve './file0': -2
[ 1729.842527][ T9968] overlayfs: failed to resolve './file0': -2
[ 1730.018750][T26424] device bridge_slave_1 left promiscuous mode
[ 1730.025095][T26424] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1730.035198][T26424] device bridge_slave_0 left promiscuous mode
[ 1730.041393][T26424] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1730.053180][T26424] device veth1_macvtap left promiscuous mode
[ 1730.059231][T26424] device veth0_vlan left promiscuous mode
[ 1730.218268][ T9962] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1730.225203][ T9962] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1730.232344][ T9962] device bridge_slave_0 entered promiscuous mode
[ 1730.239136][ T9962] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1730.246297][ T9962] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1730.255076][ T9962] device bridge_slave_1 entered promiscuous mode
[ 1730.656317][ T9980] overlayfs: failed to resolve './file0': -2
[ 1730.722144][ T9962] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1730.729023][ T9962] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1730.736112][ T9962] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1730.742882][ T9962] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1730.768602][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1730.776630][T10445] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1730.784267][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1730.792205][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1730.800393][ T9982] overlayfs: failed to resolve './file0': -2
[ 1730.808050][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1731.359020][T10445] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1731.365914][T10445] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1731.381065][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1731.390041][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1731.618583][ T9998] overlayfs: './bus' not a directory
[ 1731.633163][T24109] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1731.641531][T24109] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1731.657314][ T9962] device veth0_vlan entered promiscuous mode
[ 1731.667290][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1731.675335][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1731.689297][ T9962] device veth1_macvtap entered promiscuous mode
[ 1731.696305][T24109] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1731.845169][T17771] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1731.930991][T24109] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1731.938268][T24109] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1731.946442][T24109] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1731.955496][T24109] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1731.967947][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1731.976204][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1731.984342][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1731.992510][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1732.235346][T18127] usb 3-1: new high-speed USB device number 95 using dummy_hcd
[ 1732.354767][T10010] overlayfs: failed to resolve './file1': -2
[ 1732.568790][T18127] usb 3-1: Using ep0 maxpacket: 16
[ 1733.464257][T18127] usb 3-1: config 0 has an invalid interface number: 255 but max is 0
[ 1733.472423][T18127] usb 3-1: config 0 has no interface number 0
[ 1733.478753][T18127] usb 3-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[ 1733.493061][T18127] usb 3-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[ 1733.506809][T18127] usb 3-1: config 0 interface 255 has no altsetting 0
[ 1733.645065][T10024] overlayfs: failed to resolve './file0': -2
[ 1733.683212][ T2808] Bluetooth: hci0: command 0x1003 tx timeout
[ 1733.689268][  T891] Bluetooth: hci0: sending frame failed (-49)
[ 1733.887674][T18127] usb 3-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1733.899215][T18127] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1733.907168][T18127] usb 3-1: Product: syz
[ 1733.911155][T18127] usb 3-1: Manufacturer: syz
[ 1733.915621][T18127] usb 3-1: SerialNumber: syz
[ 1733.923876][T18127] usb 3-1: config 0 descriptor??
[ 1733.972253][T26424] device bridge_slave_1 left promiscuous mode
[ 1733.979013][T26424] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1733.986487][T26424] device bridge_slave_0 left promiscuous mode
[ 1733.992502][T26424] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1734.000123][T26424] device veth1_macvtap left promiscuous mode
[ 1734.005974][T26424] device veth0_vlan left promiscuous mode
[ 1734.189339][T18127] usb 3-1: USB disconnect, device number 95
[ 1734.641803][T10039] overlayfs: failed to resolve './file0': -2
[ 1734.698735][T10040] overlayfs: failed to resolve './file0': -2
[ 1734.882925][T10044] overlayfs: './bus' not a directory
[ 1735.065075][T10046] overlayfs: statfs failed on './file0'
[ 1735.140650][T24109] usb 3-1: new high-speed USB device number 96 using dummy_hcd
[ 1735.762036][T10058] overlayfs: failed to resolve './file0': -2
[ 1735.792132][T22814] Bluetooth: hci0: command 0x1001 tx timeout
[ 1735.816421][  T891] Bluetooth: hci0: sending frame failed (-49)
[ 1735.893677][T24109] usb 3-1: Using ep0 maxpacket: 16
[ 1736.255232][T24109] usb 3-1: config 0 has an invalid interface number: 255 but max is 0
[ 1736.263265][T24109] usb 3-1: config 0 has no interface number 0
[ 1736.269226][T24109] usb 3-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[ 1736.280158][T24109] usb 3-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[ 1736.294382][T24109] usb 3-1: config 0 interface 255 has no altsetting 0
[ 1736.935734][T24109] usb 3-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1736.945587][T24109] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1736.955635][T24109] usb 3-1: Product: syz
[ 1736.962653][T24109] usb 3-1: Manufacturer: syz
[ 1736.969139][T24109] usb 3-1: SerialNumber: syz
[ 1737.165815][T10080] erofs: (device loop1): mounted with root inode @ nid 36.
[ 1737.209536][T24109] usb 3-1: config 0 descriptor??
[ 1737.240491][T10080] overlayfs: './bus' not a directory
[ 1737.247126][T10080] incfs: Can't find or create .index dir in ./file0
[ 1737.253612][T10080] incfs: mount failed -30
[ 1737.258266][T10080] erofs: Unknown parameter 't÷'
[ 1737.477244][T24109] usb 3-1: USB disconnect, device number 96
[ 1737.512570][T18127] usb 2-1: new high-speed USB device number 116 using dummy_hcd
[ 1737.661520][T10087] overlayfs: statfs failed on './file0'
[ 1737.798411][T10446] Bluetooth: hci0: command 0x1009 tx timeout
[ 1737.955256][T18127] usb 2-1: Using ep0 maxpacket: 16
[ 1738.065051][T18127] usb 2-1: config 0 has an invalid interface number: 3 but max is 0
[ 1738.091061][T18127] usb 2-1: config 0 has no interface number 0
[ 1738.598677][T18127] usb 2-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1738.608171][T18127] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1738.616093][T18127] usb 2-1: Product: syz
[ 1738.620323][T18127] usb 2-1: Manufacturer: syz
[ 1738.624764][T18127] usb 2-1: SerialNumber: syz
[ 1738.629979][T18127] usb 2-1: config 0 descriptor??
[ 1738.763404][T10106] overlayfs: failed to resolve './file0': -2
[ 1738.933536][T10449] usb 2-1: USB disconnect, device number 116
[ 1739.499182][T10117] 9pnet: Insufficient options for proto=fd
[ 1740.059006][T10128] overlayfs: statfs failed on './file0'
[ 1740.186819][T10131] overlayfs: failed to resolve './file0': -2
[ 1740.970035][T10141] erofs: (device loop1): mounted with root inode @ nid 36.
[ 1740.974384][T10145] syz.2.11888[10145] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1740.977109][T10145] syz.2.11888[10145] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1741.182804][T10141] incfs: Can't find or create .index dir in ./file0
[ 1741.201794][T10141] incfs: mount failed -30
[ 1741.206095][T10141] erofs: Unknown parameter 't÷'
[ 1741.387802][T10152] overlayfs: './bus' not a directory
[ 1741.487955][T10154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1741.494854][T10154] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1741.499244][T22814] usb 2-1: new high-speed USB device number 117 using dummy_hcd
[ 1741.502001][T10154] device bridge_slave_0 entered promiscuous mode
[ 1741.515807][T10154] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1741.522677][T10154] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1741.530215][T10154] device bridge_slave_1 entered promiscuous mode
[ 1741.572402][T10154] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1741.579245][T10154] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1741.586338][T10154] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1741.593123][T10154] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1741.621399][ T1222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1741.640482][ T1222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1741.648793][ T1222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1741.671300][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1741.681010][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1741.695489][T10154] device veth0_vlan entered promiscuous mode
[ 1741.701718][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1741.709860][T10446] usb 3-1: new high-speed USB device number 97 using dummy_hcd
[ 1741.717987][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1741.726060][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1741.734115][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1741.823722][T22814] usb 2-1: Using ep0 maxpacket: 16
[ 1742.001854][T10154] device veth1_macvtap entered promiscuous mode
[ 1742.010646][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1742.023982][T10165] 9pnet: Insufficient options for proto=fd
[ 1742.033329][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1742.047188][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1742.052168][T10167] overlayfs: statfs failed on './file0'
[ 1742.077211][T10169] 9pnet: Insufficient options for proto=fd
[ 1742.109935][   T24] audit: type=1326 audit(1719945775.639:7558): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10170 comm="syz.3.11895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9213e85f19 code=0x7ffc0000
[ 1742.133979][T22814] usb 2-1: config 0 has an invalid interface number: 3 but max is 0
[ 1742.143851][T22814] usb 2-1: config 0 has no interface number 0
[ 1742.156176][   T24] audit: type=1326 audit(1719945775.681:7559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10170 comm="syz.3.11895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9213e85f19 code=0x7ffc0000
[ 1742.179671][   T24] audit: type=1326 audit(1719945775.681:7560): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10170 comm="syz.3.11895" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9213e85f19 code=0x7ffc0000
[ 1742.199101][T10446] usb 3-1: Using ep0 maxpacket: 16
[ 1742.303964][T22814] usb 2-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1742.312853][T22814] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1742.320694][T10446] usb 3-1: config 0 has an invalid interface number: 255 but max is 0
[ 1742.328639][T22814] usb 2-1: Product: syz
[ 1742.332625][T10446] usb 3-1: config 0 has no interface number 0
[ 1742.338496][T22814] usb 2-1: Manufacturer: syz
[ 1742.342959][T10446] usb 3-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[ 1742.353868][T22814] usb 2-1: SerialNumber: syz
[ 1742.358504][T10446] usb 3-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[ 1742.371988][T22814] usb 2-1: config 0 descriptor??
[ 1742.376844][T10446] usb 3-1: config 0 interface 255 has no altsetting 0
[ 1742.408783][T24109] usb 4-1: new high-speed USB device number 116 using dummy_hcd
[ 1742.418711][T26424] device bridge_slave_1 left promiscuous mode
[ 1742.424653][T26424] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1742.431857][T26424] device bridge_slave_0 left promiscuous mode
[ 1742.437970][T26424] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1742.445577][T26424] device veth1_macvtap left promiscuous mode
[ 1742.451778][T26424] device veth0_vlan left promiscuous mode
[ 1742.536945][T10446] usb 3-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1742.546485][T10446] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1742.554289][T10446] usb 3-1: Product: syz
[ 1742.558255][T10446] usb 3-1: Manufacturer: syz
[ 1742.562778][T10446] usb 3-1: SerialNumber: syz
[ 1742.568548][T10446] usb 3-1: config 0 descriptor??
[ 1742.639575][T10445] usb 2-1: USB disconnect, device number 117
[ 1742.866023][T24109] usb 4-1: device descriptor read/64, error -71
[ 1742.927660][T10446] usb 3-1: USB disconnect, device number 97
[ 1743.078186][T26424] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1743.383107][T24109] usb 4-1: device descriptor read/64, error -71
[ 1743.639077][T10196] erofs: (device loop0): mounted with root inode @ nid 36.
[ 1743.650469][T10196] overlayfs: './bus' not a directory
[ 1743.657264][T10196] incfs: Can't find or create .index dir in ./file0
[ 1743.663774][T10196] incfs: mount failed -30
[ 1743.668272][T10196] erofs: Unknown parameter 't÷'
[ 1743.878332][T24109] usb 4-1: new high-speed USB device number 117 using dummy_hcd
[ 1743.923258][T10446] usb 1-1: new high-speed USB device number 100 using dummy_hcd
[ 1744.151902][T10446] usb 1-1: Using ep0 maxpacket: 16
[ 1744.374845][T24109] usb 4-1: device descriptor read/64, error -71
[ 1744.494873][T10446] usb 1-1: config 0 has an invalid interface number: 3 but max is 0
[ 1744.502660][T10446] usb 1-1: config 0 has no interface number 0
[ 1744.513379][T10209] overlayfs: failed to resolve './file1': -2
[ 1744.656775][T10446] usb 1-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1744.665649][T10446] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1744.673452][T10446] usb 1-1: Product: syz
[ 1744.677444][T10446] usb 1-1: Manufacturer: syz
[ 1744.681837][T10446] usb 1-1: SerialNumber: syz
[ 1744.686834][T10446] usb 1-1: config 0 descriptor??
[ 1744.790147][T24109] usb 4-1: device descriptor read/64, error -71
[ 1744.875812][T10446] Bluetooth: hci0: command 0x1003 tx timeout
[ 1744.881663][  T891] Bluetooth: hci0: sending frame failed (-49)
[ 1744.908717][T24109] usb usb4-port1: attempt power cycle
[ 1744.918480][T10211] 9pnet: Insufficient options for proto=fd
[ 1744.927407][ T8118] usb 1-1: USB disconnect, device number 100
[ 1744.941420][T10213] erofs: (device loop1): mounted with root inode @ nid 36.
[ 1744.950986][T10213] overlayfs: './bus' not a directory
[ 1744.957439][T10213] incfs: Can't find or create .index dir in ./file0
[ 1744.964031][T10213] incfs: mount failed -30
[ 1744.968304][T10213] erofs: Unknown parameter 't÷'
[ 1745.449915][   T15] usb 2-1: new high-speed USB device number 118 using dummy_hcd
[ 1745.982254][   T15] usb 2-1: Using ep0 maxpacket: 16
[ 1746.342833][   T15] usb 2-1: config 0 has an invalid interface number: 3 but max is 0
[ 1746.350662][   T15] usb 2-1: config 0 has no interface number 0
[ 1746.524599][   T15] usb 2-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1746.534505][   T15] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1746.542540][   T15] usb 2-1: Product: syz
[ 1746.546700][   T15] usb 2-1: Manufacturer: syz
[ 1746.551115][   T15] usb 2-1: SerialNumber: syz
[ 1746.562194][   T15] usb 2-1: config 0 descriptor??
[ 1746.829996][   T15] usb 2-1: USB disconnect, device number 118
[ 1746.866746][T22814] Bluetooth: hci0: command 0x1001 tx timeout
[ 1746.873002][  T891] Bluetooth: hci0: sending frame failed (-49)
[ 1747.142564][T10252] 9pnet: Insufficient options for proto=fd
[ 1747.409637][ T8118] usb 3-1: new high-speed USB device number 98 using dummy_hcd
[ 1748.375250][ T8118] usb 3-1: device descriptor read/64, error -71
[ 1748.559018][T10289] 9pnet: Insufficient options for proto=fd
[ 1748.641164][T10290] erofs: (device loop0): mounted with root inode @ nid 36.
[ 1748.650458][T10290] overlayfs: './bus' not a directory
[ 1748.656528][T10290] incfs: Can't find or create .index dir in ./file0
[ 1748.663193][T10290] incfs: mount failed -30
[ 1748.668598][T10290] erofs: Unknown parameter 't÷'
[ 1748.800418][ T8118] usb 3-1: device descriptor read/64, error -71
[ 1748.838513][T10446] Bluetooth: hci0: command 0x1009 tx timeout
[ 1748.943269][T10445] usb 1-1: new high-speed USB device number 101 using dummy_hcd
[ 1749.057792][ T8118] usb 3-1: new high-speed USB device number 99 using dummy_hcd
[ 1749.058325][T10298] EXT4-fs (loop1): Ignoring removed orlov option
[ 1749.072985][T10298] EXT4-fs (loop1): Test dummy encryption mode enabled
[ 1749.080337][T10298] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a014e09c, mo2=0002]
[ 1749.088209][T10298] System zones: 1-12
[ 1749.092548][T10298] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.11931: casefold flag without casefold feature
[ 1749.105335][T10298] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz.1.11931: missing EA_INODE flag
[ 1749.117097][T10298] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.11931: error while reading EA inode 12 err=-117
[ 1749.129445][T10298] EXT4-fs (loop1): 1 orphan inode deleted
[ 1749.135007][T10298] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,minixdf,max_dir_size_kb=0x0000000000009c7c,debug,grpquota,errors=continue,test_dummy_encryption,auto_da_alloc,nodiscard,,errors=continue
[ 1749.191081][T10445] usb 1-1: Using ep0 maxpacket: 16
[ 1749.243090][T10308] overlayfs: statfs failed on './file0'
[ 1749.324684][T10445] usb 1-1: config 0 has an invalid interface number: 3 but max is 0
[ 1749.332540][T10445] usb 1-1: config 0 has no interface number 0
[ 1749.333831][ T8118] usb 3-1: device descriptor read/64, error -71
[ 1749.496188][T10445] usb 1-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1749.505043][T10445] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1749.516543][T10445] usb 1-1: Product: syz
[ 1749.520553][T10445] usb 1-1: Manufacturer: syz
[ 1749.525192][T10445] usb 1-1: SerialNumber: syz
[ 1749.531315][T10445] usb 1-1: config 0 descriptor??
[ 1749.714858][ T8118] usb 3-1: device descriptor read/64, error -71
[ 1749.774722][T10445] usb 1-1: USB disconnect, device number 101
[ 1749.829237][ T8118] usb usb3-port1: attempt power cycle
[ 1750.392000][T10329] 9pnet: Insufficient options for proto=fd
[ 1752.031212][T10352] erofs: (device loop1): mounted with root inode @ nid 36.
[ 1752.073483][T10352] overlayfs: './bus' not a directory
[ 1752.079750][T10352] incfs: Can't find or create .index dir in ./file0
[ 1752.090710][T10352] incfs: mount failed -30
[ 1752.095604][T10352] erofs: Unknown parameter 't÷'
[ 1752.324858][T10446] usb 1-1: new high-speed USB device number 102 using dummy_hcd
[ 1752.353422][ T1222] usb 2-1: new high-speed USB device number 119 using dummy_hcd
[ 1752.601528][ T1222] usb 2-1: Using ep0 maxpacket: 16
[ 1752.631768][T10446] usb 1-1: device descriptor read/64, error -71
[ 1752.632890][T10363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1752.651610][T10363] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1752.658954][T10363] device bridge_slave_0 entered promiscuous mode
[ 1752.666196][T10363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1752.673283][T10363] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1752.680581][T10363] device bridge_slave_1 entered promiscuous mode
[ 1752.771518][T10371] overlayfs: failed to resolve './file0': -2
[ 1752.938981][ T1222] usb 2-1: config 0 has an invalid interface number: 3 but max is 0
[ 1752.946817][ T1222] usb 2-1: config 0 has no interface number 0
[ 1752.964631][T10363] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1752.971466][T10363] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1752.978568][T10363] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1752.985354][T10363] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1753.002795][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1753.010054][T10445] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1753.017139][T10445] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1753.024258][T10446] usb 1-1: device descriptor read/64, error -71
[ 1753.033471][T18127] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1753.041547][T18127] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1753.048372][T18127] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1753.057529][T24132] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1753.065782][T24132] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1753.072630][T24132] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1753.091324][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1753.096939][ T1222] usb 2-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1753.099748][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1753.115365][ T1222] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1753.122763][T22814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1753.131525][ T1222] usb 2-1: Product: syz
[ 1753.135668][ T1222] usb 2-1: Manufacturer: syz
[ 1753.140075][ T1222] usb 2-1: SerialNumber: syz
[ 1753.149193][T22814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1753.157114][ T1222] usb 2-1: config 0 descriptor??
[ 1753.158259][T10363] device veth0_vlan entered promiscuous mode
[ 1753.171113][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1753.179165][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1753.196215][T10363] device veth1_macvtap entered promiscuous mode
[ 1753.205727][T22814] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1753.224167][ T1222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1753.234896][ T1222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1753.261886][T10375] overlayfs: './bus' not a directory
[ 1753.269683][T10375] udc-core: couldn't find an available UDC or it's busy
[ 1753.276472][T10375] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1753.296542][T10446] usb 1-1: new high-speed USB device number 103 using dummy_hcd
[ 1753.306441][  T592] device bridge_slave_1 left promiscuous mode
[ 1753.312365][  T592] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1753.319781][  T592] device bridge_slave_0 left promiscuous mode
[ 1753.325777][  T592] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1753.333137][  T592] device veth1_macvtap left promiscuous mode
[ 1753.339026][  T592] device veth0_vlan left promiscuous mode
[ 1753.392166][T22814] usb 2-1: USB disconnect, device number 119
[ 1753.898643][T10446] usb 1-1: device descriptor read/64, error -71
[ 1754.554134][T10446] usb 1-1: device descriptor read/64, error -71
[ 1754.566059][T10390] EXT4-fs (loop1): Ignoring removed orlov option
[ 1754.572442][T10390] EXT4-fs (loop1): Test dummy encryption mode enabled
[ 1754.580252][T10390] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a014e09c, mo2=0002]
[ 1754.588270][T10390] System zones: 1-12
[ 1754.593208][T10390] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.11957: casefold flag without casefold feature
[ 1754.606087][T10390] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz.1.11957: missing EA_INODE flag
[ 1754.618127][T10390] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.11957: error while reading EA inode 12 err=-117
[ 1754.630803][T10390] EXT4-fs (loop1): 1 orphan inode deleted
[ 1754.636371][T10390] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,minixdf,max_dir_size_kb=0x0000000000009c7c,debug,grpquota,errors=continue,test_dummy_encryption,auto_da_alloc,nodiscard,,errors=continue
[ 1754.678083][T10446] usb usb1-port1: attempt power cycle
[ 1754.727174][T10404] erofs: (device loop1): mounted with root inode @ nid 36.
[ 1754.755654][T10404] overlayfs: './bus' not a directory
[ 1754.762203][T10404] incfs: Can't find or create .index dir in ./file0
[ 1754.769019][T10404] incfs: mount failed -30
[ 1754.773645][T10404] erofs: Unknown parameter 't÷'
[ 1755.230182][T18127] usb 2-1: new high-speed USB device number 120 using dummy_hcd
[ 1755.458840][T18127] usb 2-1: Using ep0 maxpacket: 16
[ 1755.729782][  T592] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1755.744764][T18127] usb 2-1: config 0 has an invalid interface number: 3 but max is 0
[ 1755.755101][T10424] overlayfs: './bus' not a directory
[ 1755.760246][T18127] usb 2-1: config 0 has no interface number 0
[ 1755.916352][T18127] usb 2-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1755.925323][T18127] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1755.933292][T18127] usb 2-1: Product: syz
[ 1755.937379][T18127] usb 2-1: Manufacturer: syz
[ 1755.941822][T18127] usb 2-1: SerialNumber: syz
[ 1755.953433][T18127] usb 2-1: config 0 descriptor??
[ 1756.020902][   T15] usb 4-1: new high-speed USB device number 119 using dummy_hcd
[ 1756.458324][T10340] usb 2-1: USB disconnect, device number 120
[ 1756.706672][   T15] usb 4-1: Using ep0 maxpacket: 16
[ 1756.840296][   T15] usb 4-1: config 0 has an invalid interface number: 255 but max is 0
[ 1756.848303][   T15] usb 4-1: config 0 has no interface number 0
[ 1756.854194][   T15] usb 4-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[ 1756.865153][   T15] usb 4-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[ 1756.878537][   T15] usb 4-1: config 0 interface 255 has no altsetting 0
[ 1757.240315][   T15] usb 4-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1757.249203][   T15] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1757.257189][   T15] usb 4-1: Product: syz
[ 1757.261198][   T15] usb 4-1: Manufacturer: syz
[ 1757.265568][   T15] usb 4-1: SerialNumber: syz
[ 1757.270759][   T15] usb 4-1: config 0 descriptor??
[ 1757.478265][T10340] usb 2-1: new high-speed USB device number 121 using dummy_hcd
[ 1757.539175][   T15] usb 4-1: USB disconnect, device number 119
[ 1757.839884][ T1222] Bluetooth: hci0: command 0x1003 tx timeout
[ 1757.845818][  T891] Bluetooth: hci0: sending frame failed (-49)
[ 1757.868901][T10340] usb 2-1: device descriptor read/64, error -71
[ 1758.268878][T10340] usb 2-1: device descriptor read/64, error -71
[ 1758.372339][T10466] udc-core: couldn't find an available UDC or it's busy
[ 1758.379171][T10466] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1758.409877][  T592] device bridge_slave_1 left promiscuous mode
[ 1758.415845][  T592] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1758.424371][  T592] device bridge_slave_0 left promiscuous mode
[ 1758.430299][  T592] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1758.438299][  T592] device veth1_macvtap left promiscuous mode
[ 1758.444587][  T592] device veth0_vlan left promiscuous mode
[ 1758.740134][T10340] usb 2-1: new high-speed USB device number 122 using dummy_hcd
[ 1759.002309][T10340] usb 2-1: device descriptor read/64, error -71
[ 1759.894605][ T8118] Bluetooth: hci0: command 0x1001 tx timeout
[ 1759.924221][T10340] usb 2-1: device descriptor read/64, error -71
[ 1759.940756][  T891] Bluetooth: hci0: sending frame failed (-49)
[ 1760.040895][T10340] usb usb2-port1: attempt power cycle
[ 1762.042799][   T15] Bluetooth: hci0: command 0x1009 tx timeout
[ 1762.876120][T10543] 9pnet: Insufficient options for proto=fd
[ 1763.065476][T10552] overlayfs: failed to resolve './file1': -2
[ 1763.117671][   T24] audit: type=1326 audit(1719945797.695:7561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10553 comm="syz.4.12003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0f6c5bf19 code=0x7ffc0000
[ 1763.143134][   T24] audit: type=1326 audit(1719945797.706:7562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10553 comm="syz.4.12003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0f6c5bf19 code=0x7ffc0000
[ 1763.182195][   T24] audit: type=1326 audit(1719945797.706:7563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10553 comm="syz.4.12003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe0f6c5bf19 code=0x7ffc0000
[ 1763.205555][   T24] audit: type=1326 audit(1719945797.706:7564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10553 comm="syz.4.12003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0f6c5bf19 code=0x7ffc0000
[ 1763.498886][T10445] usb 1-1: new high-speed USB device number 105 using dummy_hcd
[ 1763.731058][T10566] EXT4-fs (loop1): Ignoring removed orlov option
[ 1763.737447][T10566] EXT4-fs (loop1): Test dummy encryption mode enabled
[ 1763.755588][T10566] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a014e09c, mo2=0002]
[ 1763.768337][T10566] System zones: 1-12
[ 1763.772805][T10566] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.12008: casefold flag without casefold feature
[ 1763.789075][T10566] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz.1.12008: missing EA_INODE flag
[ 1763.801356][T10566] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.12008: error while reading EA inode 12 err=-117
[ 1763.815302][T10566] EXT4-fs (loop1): 1 orphan inode deleted
[ 1763.820841][T10566] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,minixdf,max_dir_size_kb=0x0000000000009c7c,debug,grpquota,errors=continue,test_dummy_encryption,auto_da_alloc,nodiscard,,errors=continue
[ 1763.845217][T10576] 9pnet: Insufficient options for proto=fd
[ 1763.851027][T10445] usb 1-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[ 1763.870420][T10445] usb 1-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1763.883268][T10445] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1763.892077][T10445] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1763.931350][T10566] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31302 sclass=netlink_route_socket pid=10566 comm=syz.1.12008
[ 1764.063716][T10586] EXT4-fs (loop1): Ignoring removed orlov option
[ 1764.069977][T10586] EXT4-fs (loop1): Test dummy encryption mode enabled
[ 1764.542986][T10586] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a014e09c, mo2=0002]
[ 1764.561257][T10586] System zones: 1-12
[ 1764.569930][T10586] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.12013: casefold flag without casefold feature
[ 1764.583272][T10586] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: inode #12: comm syz.1.12013: missing EA_INODE flag
[ 1764.598163][T10586] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.12013: error while reading EA inode 12 err=-117
[ 1764.618244][T10586] EXT4-fs (loop1): 1 orphan inode deleted
[ 1764.624106][T10586] EXT4-fs (loop1): mounted filesystem without journal. Opts: orlov,minixdf,max_dir_size_kb=0x0000000000009c7c,debug,grpquota,errors=continue,test_dummy_encryption,auto_da_alloc,nodiscard,,errors=continue
[ 1764.676695][T10586] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31302 sclass=netlink_route_socket pid=10586 comm=syz.1.12013
[ 1764.822944][T10445] aiptek 1-1:17.0: interface has no int in endpoints, but must have minimum 1
[ 1764.839203][T10445] usb 1-1: USB disconnect, device number 105
[ 1765.149686][T10607] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1765.156557][T10607] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1765.163605][T10607] device bridge_slave_0 entered promiscuous mode
[ 1765.170425][T10607] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1765.177286][ T8118] usb 2-1: new high-speed USB device number 124 using dummy_hcd
[ 1765.184461][T10607] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1765.191958][T10607] device bridge_slave_1 entered promiscuous mode
[ 1765.223778][T10607] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1765.230594][T10607] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1765.237707][T10607] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1765.244492][T10607] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1765.261803][   T15] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1765.268790][   T15] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1765.276136][   T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1765.283647][   T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1765.292608][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1765.300857][T10445] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1765.307680][T10445] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1765.321515][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1765.329493][T10445] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1765.336321][T10445] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1765.352212][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1765.360030][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1765.378643][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1765.387207][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1765.395056][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1765.402193][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1765.410262][T10607] device veth0_vlan entered promiscuous mode
[ 1765.420606][   T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1765.429399][T10607] device veth1_macvtap entered promiscuous mode
[ 1765.441022][   T15] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1765.450483][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1765.565735][ T8118] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 4
[ 1765.575265][ T8118] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1765.627775][T10618] 9pnet: Insufficient options for proto=fd
[ 1765.670768][ T8118] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1765.679786][ T8118] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1765.744962][T10626] netlink: 252 bytes leftover after parsing attributes in process `syz.4.12023'.
[ 1765.919938][T17771] device bridge_slave_1 left promiscuous mode
[ 1765.928147][T17771] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1765.963727][T17771] device bridge_slave_0 left promiscuous mode
[ 1765.990223][ T1222] usb 3-1: new high-speed USB device number 101 using dummy_hcd
[ 1765.997694][ T8118] usb 2-1: SerialNumber: syz
[ 1766.013536][T17771] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1766.020765][T10596] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[ 1766.030811][T17771] device veth1_macvtap left promiscuous mode
[ 1766.042930][T17771] device veth0_vlan left promiscuous mode
[ 1766.099366][T10628] EXT4-fs (loop0): Ignoring removed orlov option
[ 1766.105773][T10628] EXT4-fs (loop0): Test dummy encryption mode enabled
[ 1766.117779][T10628] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a014e09c, mo2=0002]
[ 1766.126492][T10628] System zones: 1-12
[ 1766.131606][T10628] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.12026: casefold flag without casefold feature
[ 1766.144520][T10628] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz.0.12026: missing EA_INODE flag
[ 1766.156116][T10628] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.12026: error while reading EA inode 12 err=-117
[ 1766.169701][T10628] EXT4-fs (loop0): 1 orphan inode deleted
[ 1766.175235][T10628] EXT4-fs (loop0): mounted filesystem without journal. Opts: orlov,minixdf,max_dir_size_kb=0x0000000000009c7c,debug,grpquota,errors=continue,test_dummy_encryption,auto_da_alloc,nodiscard,,errors=continue
[ 1766.221708][T10628] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31302 sclass=netlink_route_socket pid=10628 comm=syz.0.12026
[ 1766.340211][T10637] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[ 1766.375585][ T1222] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1766.385244][ T1222] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1766.394742][ T1222] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1766.682185][T10644] overlayfs: failed to resolve './file1': -2
[ 1767.194866][ T1222] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1767.203709][ T1222] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1767.211713][ T1222] usb 3-1: Product: syz
[ 1767.215837][ T1222] usb 3-1: Manufacturer: syz
[ 1767.220234][ T1222] usb 3-1: SerialNumber: syz
[ 1767.224821][T10637] EXT4-fs (loop1): unsupported inode size: 255
[ 1767.232848][T10637] EXT4-fs (loop1): blocksize: 1024
[ 1768.071769][ T1222] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 101 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1768.095600][ T1222] usb 3-1: USB disconnect, device number 101
[ 1768.109403][ T1222] usblp0: removed
[ 1768.624724][T10675] netlink: 252 bytes leftover after parsing attributes in process `syz.2.12038'.
[ 1769.009074][T10679] erofs: (device loop0): mounted with root inode @ nid 36.
[ 1769.037204][T10679] overlayfs: './bus' not a directory
[ 1769.045259][T10679] incfs: Can't find or create .index dir in ./file0
[ 1769.059198][T10679] incfs: mount failed -30
[ 1769.068079][T10679] erofs: Unknown parameter 't÷'
[ 1769.084956][T10682] overlayfs: failed to resolve './file1': -2
[ 1769.213730][   T24] audit: type=1326 audit(1719945804.088:7565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10689 comm="syz.3.12043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9213e85f19 code=0x7ffc0000
[ 1769.238058][   T24] audit: type=1326 audit(1719945804.088:7566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10689 comm="syz.3.12043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9213e85f19 code=0x7ffc0000
[ 1769.274142][   T24] audit: type=1326 audit(1719945804.088:7567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10689 comm="syz.3.12043" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9213e85f19 code=0x7ffc0000
[ 1769.366213][ T1222] usb 1-1: new high-speed USB device number 106 using dummy_hcd
[ 1769.579592][T10445] usb 4-1: new high-speed USB device number 120 using dummy_hcd
[ 1769.775831][ T1222] usb 1-1: Using ep0 maxpacket: 16
[ 1769.899717][ T1222] usb 1-1: config 0 has an invalid interface number: 3 but max is 0
[ 1769.907564][ T1222] usb 1-1: config 0 has no interface number 0
[ 1769.928265][T10445] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1769.938992][T10445] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1769.948521][T10445] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1769.957361][T10445] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1769.966106][T10445] usb 4-1: config 0 descriptor??
[ 1770.099982][ T1222] usb 1-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1770.108867][ T1222] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1770.116850][ T1222] usb 1-1: Product: syz
[ 1770.120998][ T8118] cdc_ether: probe of 2-1:1.0 failed with error -71
[ 1770.128083][ T1222] usb 1-1: Manufacturer: syz
[ 1770.132602][ T8118] usb 2-1: USB disconnect, device number 124
[ 1770.139006][ T1222] usb 1-1: SerialNumber: syz
[ 1770.144448][ T1222] usb 1-1: config 0 descriptor??
[ 1770.500192][ T1222] usb 1-1: USB disconnect, device number 106
[ 1771.338081][T10445] uclogic 0003:256C:006D.00A3: interface is invalid, ignoring
[ 1771.368092][T10725] overlayfs: failed to resolve './file1': -2
[ 1771.374209][   T24] audit: type=1326 audit(1719945806.367:7568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10726 comm="syz.4.12055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0f6c5bf19 code=0x7ffc0000
[ 1771.415224][   T24] audit: type=1326 audit(1719945806.398:7569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10726 comm="syz.4.12055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0f6c5bf19 code=0x7ffc0000
[ 1771.442138][   T24] audit: type=1326 audit(1719945806.398:7570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10726 comm="syz.4.12055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe0f6c5bf19 code=0x7ffc0000
[ 1771.466079][   T24] audit: type=1326 audit(1719945806.398:7571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10726 comm="syz.4.12055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0f6c5bf19 code=0x7ffc0000
[ 1771.489535][   T24] audit: type=1326 audit(1719945806.398:7572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10726 comm="syz.4.12055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0f6c5bf19 code=0x7ffc0000
[ 1771.613328][T10340] usb 4-1: USB disconnect, device number 120
[ 1771.687203][T10738] overlayfs: failed to resolve './file0': -2
[ 1772.166927][   T15] usb 2-1: new high-speed USB device number 125 using dummy_hcd
[ 1772.233069][T10746] udc-core: couldn't find an available UDC or it's busy
[ 1772.239991][T10746] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1772.388612][T10750] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1772.395508][T10750] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1772.402512][T10750] device bridge_slave_0 entered promiscuous mode
[ 1772.409153][T10750] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1772.416027][T10750] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1772.423197][T10750] device bridge_slave_1 entered promiscuous mode
[ 1772.442118][   T24] audit: type=1326 audit(1719945807.479:7573): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10754 comm="syz.2.12067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1017e83f19 code=0x7ffc0000
[ 1772.471720][T10750] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1772.478577][T10750] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1772.485671][T10750] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1772.492451][T10750] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1772.492679][   T24] audit: type=1326 audit(1719945807.511:7574): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10754 comm="syz.2.12067" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1017e83f19 code=0x7ffc0000
[ 1772.514242][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1772.530654][T10445] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1772.537613][T10445] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1772.554473][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1772.562364][T10340] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1772.569121][T10340] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1772.576331][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1772.584471][T10340] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1772.591304][T10340] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1772.595426][   T15] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 4
[ 1772.598771][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1772.608025][   T15] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1772.629188][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1772.638027][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1772.648604][T10750] device veth0_vlan entered promiscuous mode
[ 1772.655694][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1772.665526][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1772.673124][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1772.680667][T10759] overlayfs: statfs failed on './file0'
[ 1772.689330][ T8118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1772.709775][   T15] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1772.718602][   T15] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1772.735372][   T15] usb 2-1: SerialNumber: syz
[ 1772.746229][T10750] device veth1_macvtap entered promiscuous mode
[ 1772.756474][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1772.805272][T10741] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1773.187154][T10767] overlayfs: failed to resolve './file0': -2
[ 1773.244941][ T8118] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1773.273315][T10773] overlayfs: failed to resolve './file1': -2
[ 1773.662938][    T9] device bridge_slave_1 left promiscuous mode
[ 1773.668904][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1773.676381][T10780] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1773.683454][    T9] device bridge_slave_0 left promiscuous mode
[ 1773.689437][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1773.691167][T10445] usb 4-1: new high-speed USB device number 121 using dummy_hcd
[ 1773.705464][    T9] device veth1_macvtap left promiscuous mode
[ 1773.711313][    T9] device veth0_vlan left promiscuous mode
[ 1773.852954][ T8118] usb 1-1: new high-speed USB device number 107 using dummy_hcd
[ 1774.043706][T10445] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1774.054424][T10445] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1774.063953][T10445] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1774.072912][T10445] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1774.081242][T10445] usb 4-1: config 0 descriptor??
[ 1774.368342][T10780] EXT4-fs (loop1): unsupported inode size: 255
[ 1774.374403][T10780] EXT4-fs (loop1): blocksize: 1024
[ 1774.453240][ T8118] usb 1-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[ 1774.463560][ T8118] usb 1-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1774.476378][ T8118] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1774.485247][ T8118] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1775.139552][ T8118] aiptek 1-1:17.0: interface has no int in endpoints, but must have minimum 1
[ 1775.148844][ T8118] usb 1-1: USB disconnect, device number 107
[ 1775.358870][T10445] uclogic 0003:256C:006D.00A4: interface is invalid, ignoring
[ 1775.581233][T10445] usb 4-1: USB disconnect, device number 121
[ 1775.667313][T10812] overlayfs: failed to resolve './file1': -2
[ 1776.456445][T10828] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1776.463294][T10828] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1776.470353][T10828] device bridge_slave_0 entered promiscuous mode
[ 1776.477260][T10828] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1776.484115][T10828] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1776.491901][T10828] device bridge_slave_1 entered promiscuous mode
[ 1776.559048][T10828] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1776.565899][T10828] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1776.572998][T10828] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1776.579777][T10828] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1776.603025][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1776.610650][T16525] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1776.618084][T16525] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1776.638007][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1776.647612][T16525] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1776.654455][T16525] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1776.662318][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1776.670355][T16525] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1776.677187][T16525] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1776.684295][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1776.692695][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1776.708970][ T1222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1776.918776][T10845] overlayfs: failed to resolve './file1': -2
[ 1777.090052][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1777.097786][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1777.105307][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1777.113466][T10828] device veth0_vlan entered promiscuous mode
[ 1777.123909][T10446] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1777.133724][T10828] device veth1_macvtap entered promiscuous mode
[ 1777.142795][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1777.153087][T10445] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1777.348997][   T15] cdc_ether: probe of 2-1:1.0 failed with error -71
[ 1777.395982][   T15] usb 2-1: USB disconnect, device number 125
[ 1777.412232][T10856] netlink: 'syz.2.12098': attribute type 17 has an invalid length.
[ 1777.558972][T10858] overlayfs: failed to resolve './file1': -2
[ 1778.006343][  T592] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1778.114964][    T9] device bridge_slave_1 left promiscuous mode
[ 1778.133109][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1778.174062][    T9] device bridge_slave_0 left promiscuous mode
[ 1778.191487][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1778.206333][    T9] device veth1_macvtap left promiscuous mode
[ 1778.218293][    T9] device veth0_vlan left promiscuous mode
[ 1778.720777][  T110] Bluetooth: hci2: Frame reassembly failed (-84)
[ 1778.720802][  T592] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1778.852647][  T592] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1779.290557][T10898] overlayfs: failed to resolve './file1': -2
[ 1779.892047][   T15] usb 3-1: new high-speed USB device number 102 using dummy_hcd
[ 1779.930591][T10446] Bluetooth: hci0: command 0x1003 tx timeout
[ 1779.936602][ T9807] Bluetooth: hci0: sending frame failed (-49)
[ 1780.254458][   T15] usb 3-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[ 1780.264641][   T15] usb 3-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1780.277624][   T15] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1780.286594][   T15] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1780.616073][T10446] Bluetooth: hci1: command 0x1003 tx timeout
[ 1780.621932][ T9807] Bluetooth: hci1: sending frame failed (-49)
[ 1780.627934][T10446] Bluetooth: hci2: command 0x1003 tx timeout
[ 1780.633738][ T9807] Bluetooth: hci2: sending frame failed (-49)
[ 1780.807146][   T15] aiptek 3-1:17.0: interface has no int in endpoints, but must have minimum 1
[ 1780.816570][   T15] usb 3-1: USB disconnect, device number 102
[ 1781.130341][T18127] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[ 1781.673566][T18127] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 4
[ 1781.683034][T18127] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1781.769021][T18127] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1781.777857][T18127] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1781.785675][T18127] usb 2-1: SerialNumber: syz
[ 1781.807157][T10911] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1781.911462][T10446] Bluetooth: hci0: command 0x1001 tx timeout
[ 1781.917289][ T9807] Bluetooth: hci0: sending frame failed (-49)
[ 1782.091854][T10918] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1782.606808][T10446] Bluetooth: hci2: command 0x1001 tx timeout
[ 1782.612648][ T9807] Bluetooth: hci2: sending frame failed (-49)
[ 1782.618761][T10446] Bluetooth: hci1: command 0x1001 tx timeout
[ 1782.624545][ T9807] Bluetooth: hci1: sending frame failed (-49)
[ 1782.631637][T10918] EXT4-fs (loop1): unsupported inode size: 255
[ 1782.637648][T10918] EXT4-fs (loop1): blocksize: 1024
[ 1782.930233][   T24] kauditd_printk_skb: 1 callbacks suppressed
[ 1782.930245][   T24] audit: type=1326 audit(1719945818.492:7576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10924 comm="syz.2.12118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1017e83f19 code=0x7ffc0000
[ 1782.959623][   T24] audit: type=1326 audit(1719945818.492:7577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10924 comm="syz.2.12118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1017e83f19 code=0x7ffc0000
[ 1782.983505][   T24] audit: type=1326 audit(1719945818.492:7578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10924 comm="syz.2.12118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1017e83f19 code=0x7ffc0000
[ 1783.006974][   T24] audit: type=1326 audit(1719945818.492:7579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10924 comm="syz.2.12118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1017e83f19 code=0x7ffc0000
[ 1783.030598][   T24] audit: type=1326 audit(1719945818.492:7580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10924 comm="syz.2.12118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1017e83f19 code=0x7ffc0000
[ 1783.892778][T10446] Bluetooth: hci0: command 0x1009 tx timeout
[ 1784.572349][T10936] overlayfs: './bus' not a directory
[ 1784.578607][   T15] Bluetooth: hci1: command 0x1009 tx timeout
[ 1784.578762][T32385] Bluetooth: hci2: command 0x1009 tx timeout
[ 1784.855230][   T15] usb 3-1: new high-speed USB device number 103 using dummy_hcd
[ 1785.083922][   T15] usb 3-1: Using ep0 maxpacket: 16
[ 1785.197945][   T15] usb 3-1: config 0 has an invalid interface number: 255 but max is 0
[ 1785.205920][   T15] usb 3-1: config 0 has no interface number 0
[ 1785.211953][   T15] usb 3-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[ 1785.222875][   T15] usb 3-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[ 1785.236070][   T15] usb 3-1: config 0 interface 255 has no altsetting 0
[ 1785.397918][   T15] usb 3-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1785.406768][   T15] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1785.414584][   T15] usb 3-1: Product: syz
[ 1785.418680][   T15] usb 3-1: Manufacturer: syz
[ 1785.422977][   T15] usb 3-1: SerialNumber: syz
[ 1785.428262][   T15] usb 3-1: config 0 descriptor??
[ 1785.589407][T18127] cdc_ether: probe of 2-1:1.0 failed with error -71
[ 1785.599147][T18127] usb 2-1: USB disconnect, device number 126
[ 1785.694642][   T15] usb 3-1: USB disconnect, device number 103
[ 1786.210897][T10946] overlayfs: failed to resolve './file1': -2
[ 1787.150800][   T15] usb 2-1: new high-speed USB device number 127 using dummy_hcd
[ 1787.207740][T10957] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1787.214819][T10957] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1787.222036][T10957] device bridge_slave_0 entered promiscuous mode
[ 1787.228811][T10957] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1787.235635][T10957] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1787.243079][T10957] device bridge_slave_1 entered promiscuous mode
[ 1787.273610][T10957] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1787.280449][T10957] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1787.287549][T10957] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1787.294324][T10957] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1787.313915][   T24] audit: type=1326 audit(1719945823.100:7581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10962 comm="syz.2.12129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1017e83f19 code=0x7ffc0000
[ 1787.337542][T16525] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1787.338799][   T24] audit: type=1326 audit(1719945823.100:7582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10962 comm="syz.2.12129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1017e83f19 code=0x7ffc0000
[ 1787.368182][T16525] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1787.373364][   T24] audit: type=1326 audit(1719945823.100:7583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10962 comm="syz.2.12129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1017e83f19 code=0x7ffc0000
[ 1787.399009][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1787.401866][   T24] audit: type=1326 audit(1719945823.100:7584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=10962 comm="syz.2.12129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1017e83f19 code=0x7ffc0000
[ 1787.406330][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1787.448251][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1787.456418][T16525] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1787.463241][T16525] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1787.470462][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1787.479145][T16525] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1787.485978][T16525] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1787.493311][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1787.502579][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1787.515844][T10957] device veth0_vlan entered promiscuous mode
[ 1787.522572][   T15] usb 2-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[ 1787.527231][T10957] device veth1_macvtap entered promiscuous mode
[ 1787.533247][   T15] usb 2-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1787.807355][   T15] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1787.816395][   T15] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1787.824554][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1787.833102][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1787.841357][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1787.849516][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1787.857481][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1787.864625][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1787.872403][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1788.183342][T10977] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1788.190274][T10977] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1788.197609][T10977] device bridge_slave_0 entered promiscuous mode
[ 1788.204667][T10977] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1788.211745][T10977] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1788.219148][T10977] device bridge_slave_1 entered promiscuous mode
[ 1788.249993][T10978] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1788.257085][T10978] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1788.264123][T10978] device bridge_slave_0 entered promiscuous mode
[ 1788.272115][T10978] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1788.278994][T10978] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1788.286162][T10978] device bridge_slave_1 entered promiscuous mode
[ 1788.309494][    T9] device bridge_slave_1 left promiscuous mode
[ 1788.315619][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1788.323107][    T9] device bridge_slave_0 left promiscuous mode
[ 1788.329004][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1788.336528][    T9] device veth1_macvtap left promiscuous mode
[ 1788.342765][   T15] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1
[ 1788.343593][    T9] device veth0_vlan left promiscuous mode
[ 1788.352492][   T15] usb 2-1: USB disconnect, device number 127
[ 1788.440077][T10977] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1788.446937][T10977] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1788.453981][T10977] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1788.460818][T10977] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1788.494436][T10978] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1788.501276][T10978] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1788.508374][T10978] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1788.515162][T10978] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1788.522444][ T8118] usb 3-1: new high-speed USB device number 104 using dummy_hcd
[ 1788.567248][T16525] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1788.575744][T16525] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1788.582733][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1788.590005][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1788.598047][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1788.606878][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1788.614732][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1788.633495][T10978] device veth0_vlan entered promiscuous mode
[ 1788.654539][T10978] device veth1_macvtap entered promiscuous mode
[ 1788.664162][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1788.673615][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1788.681457][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1788.688724][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1788.696086][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1788.712764][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1788.719942][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1788.727859][T10340] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1788.734688][T10340] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1788.741900][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1788.749964][T10340] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1788.756823][T10340] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1788.764094][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1788.771873][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1788.793036][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1788.801305][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1788.827543][ T2808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1788.883118][T10977] device veth0_vlan entered promiscuous mode
[ 1788.889259][T18127] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1789.138435][ T8118] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 4
[ 1789.148230][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1789.155754][T16525] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1789.163158][ T8118] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1789.195776][ T2808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1789.206781][ T2808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1789.216256][T10977] device veth1_macvtap entered promiscuous mode
[ 1789.234880][ T2808] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1789.243149][ T2808] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1789.251863][ T2808] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1789.255789][ T8118] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1789.270816][ T8118] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1789.271167][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1789.278620][ T8118] usb 3-1: SerialNumber: syz
[ 1789.292032][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1789.322646][T10985] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[ 1789.349727][   T24] audit: type=1326 audit(1719945825.231:7585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11005 comm="syz.0.12139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effd89cff19 code=0x7ffc0000
[ 1789.394409][   T24] audit: type=1326 audit(1719945825.231:7586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11005 comm="syz.0.12139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effd89cff19 code=0x7ffc0000
[ 1789.424975][   T24] audit: type=1326 audit(1719945825.263:7587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11005 comm="syz.0.12139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7effd89cff19 code=0x7ffc0000
[ 1789.449041][   T24] audit: type=1326 audit(1719945825.263:7588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11005 comm="syz.0.12139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effd89cff19 code=0x7ffc0000
[ 1789.473432][   T24] audit: type=1326 audit(1719945825.263:7589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11005 comm="syz.0.12139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effd89cff19 code=0x7ffc0000
[ 1789.942726][T11023] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[ 1790.142430][    T9] device bridge_slave_1 left promiscuous mode
[ 1790.148387][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1790.155677][    T9] device bridge_slave_0 left promiscuous mode
[ 1790.161703][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1790.169159][    T9] device bridge_slave_1 left promiscuous mode
[ 1790.175191][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1790.182358][    T9] device bridge_slave_0 left promiscuous mode
[ 1790.188329][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1790.196059][    T9] device veth1_macvtap left promiscuous mode
[ 1790.201940][    T9] device veth0_vlan left promiscuous mode
[ 1790.207624][    T9] device veth1_macvtap left promiscuous mode
[ 1790.213500][T10340] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[ 1790.220941][    T9] device veth0_vlan left promiscuous mode
[ 1790.446437][T10340] usb 2-1: Using ep0 maxpacket: 8
[ 1790.522652][T10446] usb 4-1: new high-speed USB device number 122 using dummy_hcd
[ 1790.560790][T10340] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[ 1790.571473][T10340] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1790.582069][T10340] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1790.591738][T10340] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[ 1790.604631][T10340] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[ 1790.613813][T10340] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1790.622387][T10340] usb 2-1: config 0 descriptor??
[ 1790.677274][T11030] overlayfs: failed to resolve './file0': -2
[ 1790.696495][T11032] syz.0.12148[11032] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1790.696549][T11032] syz.0.12148[11032] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[ 1790.837112][   T24] audit: type=1326 audit(1719945826.733:7590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11036 comm="syz.0.12150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effd89cff19 code=0x7ffc0000
[ 1790.952513][   T24] audit: type=1326 audit(1719945826.733:7591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11036 comm="syz.0.12150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7effd89cff19 code=0x7ffc0000
[ 1790.976151][T10446] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1790.985987][T10446] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1790.995503][   T24] audit: type=1326 audit(1719945826.743:7592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11036 comm="syz.0.12150" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7effd89cff19 code=0x7ffc0000
[ 1791.019221][T10446] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1791.131764][T11043] overlayfs: failed to resolve './file1': -2
[ 1791.142843][T11025] binder: transaction release 34 bad object at offset 536871744, size 72
[ 1791.180776][T10340] kye 0003:0458:5011.00A5: unbalanced collection at end of report description
[ 1791.189678][T10446] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1791.199168][T10340] kye 0003:0458:5011.00A5: parse failed
[ 1791.204612][T10446] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1791.212609][T10340] kye: probe of 0003:0458:5011.00A5 failed with error -22
[ 1791.219576][T10446] usb 4-1: Product: syz
[ 1791.236885][T10446] usb 4-1: Manufacturer: syz
[ 1791.241359][T10446] usb 4-1: SerialNumber: syz
[ 1791.398015][ T1222] usb 2-1: USB disconnect, device number 2
[ 1791.496623][T10446] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 122 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1792.793973][ T7532] usb 4-1: USB disconnect, device number 122
[ 1792.805302][ T7532] usblp0: removed
[ 1793.504347][ T8118] cdc_ether: probe of 3-1:1.0 failed with error -71
[ 1793.514151][ T8118] usb 3-1: USB disconnect, device number 104
[ 1794.513781][T11103] udc-core: couldn't find an available UDC or it's busy
[ 1794.782497][T11103] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1795.960218][T11127] 9pnet: Could not find request transport: fd0x0000000000000003
[ 1797.705169][T11168] 9pnet: Could not find request transport: fd0x0000000000000003
[ 1797.779827][T11171] overlayfs: failed to resolve './file1': -2
[ 1797.888105][T11173] overlayfs: failed to resolve './file0': -2
[ 1798.689669][T32385] usb 1-1: new high-speed USB device number 108 using dummy_hcd
[ 1798.952775][T32385] usb 1-1: Using ep0 maxpacket: 8
[ 1799.143464][T32385] usb 1-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[ 1799.208653][T32385] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1799.275572][T32385] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1799.285158][T32385] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[ 1799.298198][T32385] usb 1-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[ 1799.307066][T32385] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1799.318313][T32385] usb 1-1: config 0 descriptor??
[ 1799.405468][T11208] overlayfs: failed to resolve './file0': -2
[ 1799.572400][T24132] usb 4-1: new high-speed USB device number 123 using dummy_hcd
[ 1800.159219][  T592] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1800.173945][T11177] binder: transaction release 42 bad object at offset 536871744, size 72
[ 1800.193910][T32385] kye 0003:0458:5011.00A6: unbalanced collection at end of report description
[ 1800.202970][T32385] kye 0003:0458:5011.00A6: parse failed
[ 1800.208547][T32385] kye: probe of 0003:0458:5011.00A6 failed with error -22
[ 1800.324510][T24132] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1800.334087][T24132] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1800.343798][T24132] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1800.390374][T10446] usb 1-1: USB disconnect, device number 108
[ 1800.467962][T11225] overlayfs: statfs failed on './file0'
[ 1800.505670][T24132] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1800.514705][T24132] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1800.522805][T24132] usb 4-1: Product: syz
[ 1800.526985][T24132] usb 4-1: Manufacturer: syz
[ 1800.533655][T24132] usb 4-1: SerialNumber: syz
[ 1800.560157][T11227] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31302 sclass=netlink_route_socket pid=11227 comm=syz.2.12206
[ 1800.842476][T24132] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 123 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1801.542486][   T24] audit: type=1326 audit(1719945838.029:7593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.2.12211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1017e83f19 code=0x7ffc0000
[ 1801.565966][   T24] audit: type=1326 audit(1719945838.029:7594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.2.12211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1017e83f19 code=0x7ffc0000
[ 1801.590334][   T24] audit: type=1326 audit(1719945838.029:7595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.2.12211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f1017e83f19 code=0x7ffc0000
[ 1801.615302][   T24] audit: type=1326 audit(1719945838.029:7596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.2.12211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1017e83f19 code=0x7ffc0000
[ 1801.639597][   T24] audit: type=1326 audit(1719945838.029:7597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=11246 comm="syz.2.12211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1017e83f19 code=0x7ffc0000
[ 1801.908285][T24132] Bluetooth: hci0: command 0x1003 tx timeout
[ 1801.914291][  T891] Bluetooth: hci0: sending frame failed (-49)
[ 1801.998585][T10340] usb 4-1: USB disconnect, device number 123
[ 1802.070690][T10340] usblp0: removed
[ 1802.767293][T11272] fuse: Bad value for 'fd'
[ 1803.009248][T11285] overlayfs: failed to resolve './file0': -2
[ 1803.051274][T11286] overlayfs: failed to resolve './file1': -2
[ 1803.687048][  T396] usb 4-1: new high-speed USB device number 124 using dummy_hcd
[ 1803.706966][T11292] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 1803.726271][T11292] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,noauto_da_alloc,jqfmt=vfsold,bsdgroups,resuid=0x0000000000000000,dioread_nolock,usrjquota=,discard,jqfmt=vfsv1,,errors=continue
[ 1803.786767][T11299] udc-core: couldn't find an available UDC or it's busy
[ 1803.793928][T11299] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1803.858933][T10446] Bluetooth: hci0: command 0x1001 tx timeout
[ 1803.864784][  T891] Bluetooth: hci0: sending frame failed (-49)
[ 1803.934909][T10340] usb 3-1: new high-speed USB device number 105 using dummy_hcd
[ 1804.153924][  T396] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 4
[ 1804.163433][  T396] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1804.249292][  T396] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1804.258306][  T396] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1804.266074][  T396] usb 4-1: SerialNumber: syz
[ 1804.287509][T11289] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1804.306251][T10340] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1804.315755][T10340] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1804.325172][T10340] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1804.454125][T11306] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1804.460983][T11306] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1804.468031][T11306] device bridge_slave_0 entered promiscuous mode
[ 1804.478241][T11306] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1804.485096][T11306] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1804.492262][T11306] device bridge_slave_1 entered promiscuous mode
[ 1804.496733][T10340] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1804.507360][T10340] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1804.515093][T10340] usb 3-1: Product: syz
[ 1804.519664][T10340] usb 3-1: Manufacturer: syz
[ 1804.524094][T10340] usb 3-1: SerialNumber: syz
[ 1804.558494][T11306] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1804.565339][T11306] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1804.572497][T11306] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1804.579338][T11306] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1804.600290][ T1222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1804.625598][ T1222] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1804.632812][ T1222] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1804.633739][T11311] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1804.652736][ T8118] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1804.661199][ T8118] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1804.668024][ T8118] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1804.675336][ T8118] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1804.683464][ T8118] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1804.690298][ T8118] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1804.707803][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1804.716166][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1804.724365][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1804.734429][ T8118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1804.742256][ T8118] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1804.749546][ T8118] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1804.757371][T11306] device veth0_vlan entered promiscuous mode
[ 1804.768490][ T8118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1804.777125][T11306] device veth1_macvtap entered promiscuous mode
[ 1804.785832][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1804.798105][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1804.925549][T24132] usb 1-1: new high-speed USB device number 109 using dummy_hcd
[ 1805.041740][  T592] device bridge_slave_1 left promiscuous mode
[ 1805.047970][  T592] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1805.057826][  T592] device bridge_slave_0 left promiscuous mode
[ 1805.064043][  T592] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1805.071540][  T592] device veth1_macvtap left promiscuous mode
[ 1805.077332][  T592] device veth0_vlan left promiscuous mode
[ 1805.250528][T10340] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 105 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1805.269652][T10340] usb 3-1: USB disconnect, device number 105
[ 1805.280279][T10340] usblp0: removed
[ 1805.296995][T24132] usb 1-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[ 1805.310536][T24132] usb 1-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1805.333535][T24132] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1805.349502][T24132] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1805.494701][T11323] overlayfs: failed to resolve './file1': -2
[ 1805.849562][T10340] Bluetooth: hci0: command 0x1009 tx timeout
[ 1805.887899][T24132] aiptek 1-1:17.0: interface has no int in endpoints, but must have minimum 1
[ 1805.897533][T24132] usb 1-1: USB disconnect, device number 109
[ 1806.374055][T11333] EXT4-fs (loop0): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[ 1806.393628][T11333] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,noauto_da_alloc,jqfmt=vfsold,bsdgroups,resuid=0x0000000000000000,dioread_nolock,usrjquota=,discard,jqfmt=vfsv1,,errors=continue
[ 1806.458106][T11338] udc-core: couldn't find an available UDC or it's busy
[ 1806.465102][T11338] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1806.891009][T11346] overlayfs: './bus' not a directory
[ 1807.124328][T11348] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1807.131268][T11348] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1807.138470][T11348] device bridge_slave_0 entered promiscuous mode
[ 1807.145234][T11348] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1807.152094][T11348] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1807.154337][ T3356] usb 3-1: new high-speed USB device number 106 using dummy_hcd
[ 1807.159548][T11348] device bridge_slave_1 entered promiscuous mode
[ 1807.199935][T11348] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1807.206769][T11348] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1807.213862][T11348] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1807.220640][T11348] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1807.239585][ T1222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1807.246993][ T1222] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1807.254057][ T1222] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1807.286888][T10340] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1807.295069][T10340] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1807.301915][T10340] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1807.355784][T24132] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1807.363680][T24132] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1807.370448][T24132] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1807.377869][T24132] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1807.392519][ T3356] usb 3-1: Using ep0 maxpacket: 16
[ 1807.395011][T11348] device veth0_vlan entered promiscuous mode
[ 1807.434276][T11348] device veth1_macvtap entered promiscuous mode
[ 1807.636425][T24132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1807.644645][T24132] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1807.652930][T24132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1807.661017][T24132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1807.669327][T24132] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1807.677115][T24132] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1807.685018][T24132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1807.693828][T24132] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1807.833074][T10890] device bridge_slave_1 left promiscuous mode
[ 1807.839409][T10890] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1807.847082][T10890] device bridge_slave_0 left promiscuous mode
[ 1807.853249][T10890] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1807.861200][T10890] device veth1_macvtap left promiscuous mode
[ 1807.867073][T10890] device veth0_vlan left promiscuous mode
[ 1807.897401][ T3356] usb 3-1: config 0 has an invalid interface number: 255 but max is 0
[ 1807.905391][ T3356] usb 3-1: config 0 has no interface number 0
[ 1807.912573][ T3356] usb 3-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[ 1807.923539][ T3356] usb 3-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[ 1807.936800][ T3356] usb 3-1: config 0 interface 255 has no altsetting 0
[ 1808.087934][ T3356] usb 3-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1808.096953][ T3356] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1808.104745][ T3356] usb 3-1: Product: syz
[ 1808.108740][ T3356] usb 3-1: Manufacturer: syz
[ 1808.113144][ T3356] usb 3-1: SerialNumber: syz
[ 1808.141490][ T3356] usb 3-1: config 0 descriptor??
[ 1808.147724][T11364] overlayfs: failed to resolve './file0': -2
[ 1808.164548][  T396] cdc_ether: probe of 4-1:1.0 failed with error -71
[ 1808.172194][  T396] usb 4-1: USB disconnect, device number 124
[ 1808.413339][ T3356] usb 3-1: USB disconnect, device number 106
[ 1808.431145][T24132] usb 1-1: new high-speed USB device number 110 using dummy_hcd
[ 1808.456079][T11370] udc-core: couldn't find an available UDC or it's busy
[ 1808.462956][T11370] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1808.821451][T24132] usb 1-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[ 1808.848635][T24132] usb 1-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1808.906666][T24132] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1808.915532][T24132] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1809.515932][T11386] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1809.523120][T11386] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1809.531595][T11386] device bridge_slave_0 entered promiscuous mode
[ 1809.538317][T24132] aiptek 1-1:17.0: interface has no int in endpoints, but must have minimum 1
[ 1809.538441][T11386] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1809.554045][T11386] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1809.556421][T24132] usb 1-1: USB disconnect, device number 110
[ 1809.561425][T11386] device bridge_slave_1 entered promiscuous mode
[ 1809.753758][T11386] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1809.760630][T11386] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1809.767735][T11386] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1809.774491][T11386] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1809.850445][ T3356] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1809.871701][ T3356] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1809.882457][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1809.890247][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1809.902683][  T396] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1809.910780][  T396] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1809.917628][  T396] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1809.958965][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1809.968109][ T3356] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1809.974958][ T3356] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1809.982366][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1809.990913][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1810.005877][T24132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1810.017287][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1810.025803][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1810.033011][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1810.057728][T11386] device veth0_vlan entered promiscuous mode
[ 1810.306712][T11386] device veth1_macvtap entered promiscuous mode
[ 1810.313800][ T1222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1810.326421][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1810.348066][ T1222] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1810.856175][T11409] netlink: 252 bytes leftover after parsing attributes in process `syz.0.12258'.
[ 1811.561408][T11415] overlayfs: failed to resolve './file0': -2
[ 1811.622096][T11423] fuse: Bad value for 'fd'
[ 1811.784193][  T592] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1811.849194][T10890] device bridge_slave_1 left promiscuous mode
[ 1811.864578][T10890] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1811.875103][T10890] device bridge_slave_0 left promiscuous mode
[ 1811.881211][T10890] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1811.889291][T10890] device veth1_macvtap left promiscuous mode
[ 1811.895173][T10890] device veth0_vlan left promiscuous mode
[ 1812.142243][ T3356] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[ 1812.526867][ T3356] usb 2-1: config 17 has an invalid descriptor of length 255, skipping remainder of the config
[ 1812.557127][ T3356] usb 2-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1812.570134][ T3356] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[ 1812.584173][ T3356] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1812.898375][T10446] usb 3-1: new high-speed USB device number 107 using dummy_hcd
[ 1813.126948][T10446] usb 3-1: Using ep0 maxpacket: 16
[ 1813.137188][ T3356] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1
[ 1813.147133][ T3356] usb 2-1: USB disconnect, device number 3
[ 1813.241305][T10446] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[ 1813.252296][T10446] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1813.261128][T10446] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1813.269740][T10446] usb 3-1: config 0 descriptor??
[ 1813.356078][T11452] EXT4-fs (loop0): Ignoring removed orlov option
[ 1813.362439][T11452] EXT4-fs (loop0): Test dummy encryption mode enabled
[ 1813.369630][T11452] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a014e09c, mo2=0002]
[ 1813.377440][T11452] System zones: 1-12
[ 1813.381529][T11452] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #15: comm syz.0.12273: casefold flag without casefold feature
[ 1813.394223][T11452] EXT4-fs error (device loop0): ext4_xattr_inode_iget:404: inode #12: comm syz.0.12273: missing EA_INODE flag
[ 1813.405965][T11452] EXT4-fs error (device loop0): ext4_xattr_inode_iget:409: comm syz.0.12273: error while reading EA inode 12 err=-117
[ 1813.418279][T11452] EXT4-fs (loop0): 1 orphan inode deleted
[ 1813.423827][T11452] EXT4-fs (loop0): mounted filesystem without journal. Opts: orlov,minixdf,max_dir_size_kb=0x0000000000009c7c,debug,grpquota,errors=continue,test_dummy_encryption,auto_da_alloc,nodiscard,,errors=continue
[ 1813.461086][T11452] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=31302 sclass=netlink_route_socket pid=11452 comm=syz.0.12273
[ 1813.519286][   T24] audit: type=1400 audit(1719945850.616:7598): avc:  denied  { create } for  pid=11443 comm="syz.2.12271" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[ 1813.584217][ T1222] usb 4-1: new high-speed USB device number 125 using dummy_hcd
[ 1813.612874][T10446] usbhid 3-1:0.0: can't add hid device: -71
[ 1813.618693][T10446] usbhid: probe of 3-1:0.0 failed with error -71
[ 1813.685803][T10446] usb 3-1: USB disconnect, device number 107
[ 1813.693819][T32385] Bluetooth: hci0: command 0x1003 tx timeout
[ 1813.699664][  T891] Bluetooth: hci0: sending frame failed (-49)
[ 1813.879479][ T7532] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[ 1813.984264][ T1222] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1813.993722][ T1222] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[ 1814.003167][ T1222] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[ 1814.327326][T10890] Bluetooth: hci1: Frame reassembly failed (-84)
[ 1814.351714][ T1222] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[ 1814.360572][ T1222] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1814.368398][ T1222] usb 4-1: Product: syz
[ 1814.372347][ T1222] usb 4-1: Manufacturer: syz
[ 1814.376823][ T1222] usb 4-1: SerialNumber: syz
[ 1814.422550][ T7532] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 4
[ 1814.432618][ T7532] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1814.649080][ T1222] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 125 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8
[ 1814.689194][ T7532] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1814.698054][ T7532] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1814.705950][ T7532] usb 2-1: SerialNumber: syz
[ 1814.727283][T11465] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[ 1815.034217][T11476] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[ 1815.319779][T10446] usb 4-1: USB disconnect, device number 125
[ 1815.329433][T10446] usblp0: removed
[ 1815.670488][T10446] Bluetooth: hci0: command 0x1001 tx timeout
[ 1815.674192][T11476] EXT4-fs (loop1): unsupported inode size: 255
[ 1815.676409][T28060] Bluetooth: hci0: sending frame failed (-49)
[ 1815.687652][T11476] EXT4-fs (loop1): blocksize: 1024
[ 1816.276617][T10446] Bluetooth: hci1: command 0x1003 tx timeout
[ 1816.284374][T28060] Bluetooth: hci1: sending frame failed (-49)
[ 1816.446590][T11497] overlayfs: failed to resolve './file0': -2
[ 1816.951026][T11501] overlayfs: failed to resolve './file1': -2
[ 1817.404015][T24132] usb 4-1: new high-speed USB device number 126 using dummy_hcd
[ 1817.652115][T10446] Bluetooth: hci0: command 0x1009 tx timeout
[ 1817.775467][T24132] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 4
[ 1817.787310][T24132] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[ 1817.800170][T11511] overlayfs: failed to resolve './file0': -2
[ 1817.889773][T24132] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1817.898630][T24132] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[ 1817.906421][T24132] usb 4-1: SerialNumber: syz
[ 1817.937439][T11506] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1818.184916][T11506] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[ 1818.261242][ T1222] Bluetooth: hci1: command 0x1001 tx timeout
[ 1818.267085][T28060] Bluetooth: hci1: sending frame failed (-49)
[ 1818.718899][ T7532] cdc_ether: probe of 2-1:1.0 failed with error -71
[ 1818.725938][ T7532] usb 2-1: USB disconnect, device number 4
[ 1818.890017][T24132] cdc_ether: probe of 4-1:1.0 failed with error -71
[ 1818.897143][T24132] usb 4-1: USB disconnect, device number 126
[ 1819.995516][T11530] erofs: (device loop1): mounted with root inode @ nid 36.
[ 1820.005436][T11530] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1820.013928][T11530] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1820.023249][T11530] incfs: Can't find or create .index dir in ./file0
[ 1820.029730][T11530] incfs: mount failed -30
[ 1820.034122][T11530] erofs: Unknown parameter 't÷'
[ 1820.111111][T11533] erofs: (device loop0): mounted with root inode @ nid 36.
[ 1820.122230][T11533] overlayfs: './bus' not a directory
[ 1820.128799][T11533] incfs: Can't find or create .index dir in ./file0
[ 1820.135215][T11533] incfs: mount failed -30
[ 1820.139795][T11533] erofs: Unknown parameter 't÷'
[ 1820.242766][ T7532] Bluetooth: hci1: command 0x1009 tx timeout
[ 1820.299731][T24132] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[ 1820.395398][ T1222] usb 1-1: new high-speed USB device number 111 using dummy_hcd
[ 1820.537833][T24132] usb 2-1: Using ep0 maxpacket: 16
[ 1820.623695][ T1222] usb 1-1: Using ep0 maxpacket: 16
[ 1820.661906][T24132] usb 2-1: config 0 has an invalid interface number: 3 but max is 0
[ 1820.669704][T24132] usb 2-1: config 0 has no interface number 0
[ 1820.737903][ T1222] usb 1-1: config 0 has an invalid interface number: 3 but max is 0
[ 1820.745722][ T1222] usb 1-1: config 0 has no interface number 0
[ 1820.852236][T24132] usb 2-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1820.861108][T24132] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1820.868922][T24132] usb 2-1: Product: syz
[ 1820.872884][T24132] usb 2-1: Manufacturer: syz
[ 1820.877281][T24132] usb 2-1: SerialNumber: syz
[ 1820.882592][T24132] usb 2-1: config 0 descriptor??
[ 1820.900015][ T1222] usb 1-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1820.908876][ T1222] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1820.916676][ T1222] usb 1-1: Product: syz
[ 1820.920763][ T1222] usb 1-1: Manufacturer: syz
[ 1820.925145][ T1222] usb 1-1: SerialNumber: syz
[ 1820.932300][ T1222] usb 1-1: config 0 descriptor??
[ 1820.975346][T11541] overlayfs: failed to resolve './file0': -2
[ 1821.131791][T24132] usb 2-1: USB disconnect, device number 5
[ 1821.177136][ T1222] usb 1-1: USB disconnect, device number 111
[ 1821.228869][T11549] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1821.236630][T11549] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1821.244025][T11549] device bridge_slave_0 entered promiscuous mode
[ 1821.251034][T11549] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1821.258072][T11549] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1821.265725][T11549] device bridge_slave_1 entered promiscuous mode
[ 1821.315625][T11549] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1821.322485][T11549] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1821.329574][T11549] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1821.336344][T11549] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1821.358487][ T7532] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1821.376277][ T7532] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1821.387165][ T7532] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1821.394306][ T7532] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1821.434077][ T1222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1821.442019][ T1222] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1821.448865][ T1222] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1821.456117][ T1222] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1821.465115][ T1222] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1821.471963][ T1222] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1821.479080][ T1222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1821.486757][ T1222] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1821.528627][T24132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1821.543453][T11549] device veth0_vlan entered promiscuous mode
[ 1821.549939][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1821.558005][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1821.571403][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1821.584796][T11549] device veth1_macvtap entered promiscuous mode
[ 1821.591608][T24132] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1821.601962][  T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1821.612574][  T396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1821.789046][T11559] overlayfs: failed to resolve './file0': -2
[ 1822.884333][T11582] overlayfs: failed to resolve './file0': -2
[ 1822.920526][T10890] device bridge_slave_1 left promiscuous mode
[ 1822.927608][T10890] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1822.941769][T10890] device bridge_slave_0 left promiscuous mode
[ 1822.947955][T10890] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1823.119411][T10890] device veth1_macvtap left promiscuous mode
[ 1823.142556][T10890] device veth0_vlan left promiscuous mode
[ 1823.509419][T11593] udc-core: couldn't find an available UDC or it's busy
[ 1823.523652][T11593] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1823.706061][T11598] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1823.713565][T11598] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1823.714821][T11596] erofs: (device loop1): mounted with root inode @ nid 36.
[ 1823.732502][T11596] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1823.742496][T11598] device bridge_slave_0 entered promiscuous mode
[ 1823.749652][T11598] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1823.756477][T11598] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1823.763997][T11598] device bridge_slave_1 entered promiscuous mode
[ 1823.779614][T11596] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1823.815959][T11596] incfs: Can't find or create .index dir in ./file0
[ 1823.825104][T11596] incfs: mount failed -30
[ 1823.885006][T11606] erofs: Unknown parameter 't÷'
[ 1823.890590][T11598] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1823.897558][T11598] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1823.904632][T11598] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1823.911437][T11598] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1823.953402][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1823.968360][ T3356] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1823.975469][ T3356] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1823.984886][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1823.993082][T32385] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1823.999930][T32385] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1824.017657][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1824.026193][ T3356] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1824.033045][ T3356] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1824.040540][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1824.048315][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1824.061472][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1824.072200][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1824.079905][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1824.087596][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1824.097239][T11598] device veth0_vlan entered promiscuous mode
[ 1824.106702][ T3356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1824.115320][T11598] device veth1_macvtap entered promiscuous mode
[ 1824.124593][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1824.136795][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1824.157775][T10446] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[ 1824.254356][T11616] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1824.261207][T11616] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1824.268445][T11616] device bridge_slave_0 entered promiscuous mode
[ 1824.275214][T11616] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1824.282531][T11616] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1824.289770][T11616] device bridge_slave_1 entered promiscuous mode
[ 1824.337372][T11616] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1824.344228][T11616] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1824.351315][T11616] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1824.358099][T11616] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1824.386892][ T8118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1824.394387][ T8118] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1824.402709][ T8118] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1824.417982][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1824.425574][T10446] usb 2-1: Using ep0 maxpacket: 16
[ 1824.431748][ T8118] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1824.446676][ T8118] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1824.457701][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1824.465615][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1824.472911][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1824.482381][T11616] device veth0_vlan entered promiscuous mode
[ 1824.492638][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1824.501280][T11616] device veth1_macvtap entered promiscuous mode
[ 1824.511465][T32385] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1824.531873][ T2808] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1824.543292][  T592] device bridge_slave_1 left promiscuous mode
[ 1824.554308][  T592] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1824.563362][T10446] usb 2-1: config 0 has an invalid interface number: 3 but max is 0
[ 1824.574057][T10446] usb 2-1: config 0 has no interface number 0
[ 1824.579135][T11625] overlayfs: './bus' not a directory
[ 1824.585289][  T592] device bridge_slave_0 left promiscuous mode
[ 1824.591491][  T592] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1824.599225][  T592] device veth1_macvtap left promiscuous mode
[ 1824.605041][  T592] device veth0_vlan left promiscuous mode
[ 1824.757359][T10446] usb 2-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1824.766271][T10446] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1824.774440][T10446] usb 2-1: Product: syz
[ 1824.778733][T10446] usb 2-1: Manufacturer: syz
[ 1824.783184][T10446] usb 2-1: SerialNumber: syz
[ 1824.791899][T10446] usb 2-1: config 0 descriptor??
[ 1824.843630][T32385] usb 4-1: new high-speed USB device number 127 using dummy_hcd
[ 1824.967820][T10890] Bluetooth: hci0: Frame reassembly failed (-84)
[ 1825.036431][  T396] usb 2-1: USB disconnect, device number 6
[ 1825.148268][T32385] usb 4-1: Using ep0 maxpacket: 16
[ 1825.415130][T32385] usb 4-1: config 0 has an invalid interface number: 255 but max is 0
[ 1825.424272][T32385] usb 4-1: config 0 has no interface number 0
[ 1825.431834][T32385] usb 4-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30
[ 1825.443482][T32385] usb 4-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255
[ 1825.456855][T32385] usb 4-1: config 0 interface 255 has no altsetting 0
[ 1825.615115][T32385] usb 4-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=b9.e8
[ 1825.624207][T32385] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1825.632082][T32385] usb 4-1: Product: syz
[ 1825.637264][T32385] usb 4-1: Manufacturer: syz
[ 1825.641716][T32385] usb 4-1: SerialNumber: syz
[ 1825.648548][T32385] usb 4-1: config 0 descriptor??
[ 1825.720248][  T592] device bridge_slave_1 left promiscuous mode
[ 1825.726223][  T592] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1825.733880][  T592] device bridge_slave_0 left promiscuous mode
[ 1825.739920][  T592] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1825.747353][  T592] device veth1_macvtap left promiscuous mode
[ 1825.753181][  T592] device veth0_vlan left promiscuous mode
[ 1825.813498][T11644] overlayfs: statfs failed on './file0'
[ 1825.921030][T32385] usb 4-1: USB disconnect, device number 127
[ 1826.119876][ T8118] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[ 1826.158131][  T396] usb 3-1: new high-speed USB device number 108 using dummy_hcd
[ 1826.767594][  T396] usb 3-1: Using ep0 maxpacket: 8
[ 1826.891540][ T8118] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1826.902321][  T396] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30
[ 1826.913012][ T8118] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1826.922590][  T396] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1826.933377][ T8118] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[ 1826.942238][  T396] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1826.948573][T10445] Bluetooth: hci0: command 0x1003 tx timeout
[ 1826.951787][ T8118] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1826.957667][T30289] Bluetooth: hci0: sending frame failed (-49)
[ 1826.965394][  T396] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255
[ 1826.984267][  T396] usb 3-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00
[ 1826.993354][ T8118] usb 2-1: config 0 descriptor??
[ 1826.998168][  T396] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1827.009939][  T396] usb 3-1: config 0 descriptor??
[ 1827.028035][T11663] overlayfs: failed to resolve './file0': -2
[ 1827.368553][T11671] netlink: 252 bytes leftover after parsing attributes in process `syz.3.12333'.
[ 1827.525611][  T396] kye 0003:0458:5011.00A7: unbalanced collection at end of report description
[ 1827.534463][  T396] kye 0003:0458:5011.00A7: parse failed
[ 1827.539904][  T396] kye: probe of 0003:0458:5011.00A7 failed with error -22
[ 1827.657928][  T396] usb 3-1: USB disconnect, device number 108
[ 1827.927310][T11679] overlayfs: statfs failed on './file0'
[ 1827.966598][T11683] udc-core: couldn't find an available UDC or it's busy
[ 1827.973435][T11683] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[ 1828.501359][ T8118] uclogic 0003:256C:006D.00A8: interface is invalid, ignoring
[ 1828.616257][T11616] ------------[ cut here ]------------
[ 1828.621642][T11616] WARNING: CPU: 1 PID: 11616 at fs/inode.c:304 drop_nlink+0xc1/0x110
[ 1828.630902][T11616] Modules linked in:
[ 1828.635131][T11616] CPU: 1 PID: 11616 Comm: syz-executor Tainted: G        W         5.10.218-syzkaller-00638-g3feee789f446 #0
[ 1828.647049][T11616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1828.657667][T11616] RIP: 0010:drop_nlink+0xc1/0x110
[ 1828.662600][T11616] Code: 1e 48 8d bb b8 04 00 00 be 08 00 00 00 e8 77 ce f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 af 38 b3 ff <0f> 0b eb 88 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 62 ff ff ff 4c
[ 1828.684903][T11616] RSP: 0018:ffffc90001287cc0 EFLAGS: 00010293
[ 1828.690906][T11616] RAX: ffffffff81b771d1 RBX: 0000000000000000 RCX: ffff88810e44bb40
[ 1828.699676][T11616] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[ 1828.708490][T11616] RBP: ffffc90001287ce8 R08: ffffffff81b77154 R09: 0000000000000003
[ 1828.716953][T11616] R10: fffff52000250f88 R11: dffffc0000000001 R12: dffffc0000000000
[ 1828.725318][T11616] R13: 1ffff110222f68fd R14: ffff8881117b47a0 R15: ffff8881117b47e8
[ 1828.733771][T11616] FS:  00005555563e5500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1828.745356][T11616] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1828.751913][T11616] CR2: 000000110c261617 CR3: 000000010f1e6000 CR4: 00000000003506a0
[ 1828.759964][T11616] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1828.768121][T11616] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1828.775973][T11616] Call Trace:
[ 1828.779442][T11616]  ? show_regs+0x58/0x60
[ 1828.779698][ T8118] usb 2-1: USB disconnect, device number 7
[ 1828.783521][T11616]  ? __warn+0x160/0x2f0
[ 1828.793384][T11616]  ? drop_nlink+0xc1/0x110
[ 1828.797856][T11616]  ? report_bug+0x3d9/0x5b0
[ 1828.802194][T11616]  ? drop_nlink+0xc1/0x110
[ 1828.806669][T11616]  ? handle_bug+0x41/0x70
[ 1828.810832][T11616]  ? exc_invalid_op+0x1b/0x50
[ 1828.815338][T11616]  ? asm_exc_invalid_op+0x12/0x20
[ 1828.820332][T11616]  ? drop_nlink+0x44/0x110
[ 1828.824570][T11616]  ? drop_nlink+0xc1/0x110
[ 1828.828980][T11616]  ? drop_nlink+0xc1/0x110
[ 1828.833254][T11616]  shmem_rmdir+0x59/0x90
[ 1828.837322][T11616]  vfs_rmdir+0x2b7/0x3f0
[ 1828.841370][T11616]  incfs_kill_sb+0x108/0x220
[ 1828.845925][T11616]  deactivate_locked_super+0xad/0x110
[ 1828.851113][T11616]  deactivate_super+0xbe/0xf0
[ 1828.855644][T11616]  cleanup_mnt+0x45c/0x510
[ 1828.859882][T11616]  __cleanup_mnt+0x19/0x20
[ 1828.864149][T11616]  task_work_run+0x129/0x190
[ 1828.868560][T11616]  exit_to_user_mode_loop+0xbf/0xd0
[ 1828.873613][T11616]  syscall_exit_to_user_mode+0xa2/0x1a0
[ 1828.879133][T11616]  do_syscall_64+0x40/0x70
[ 1828.883533][T11616]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1828.889276][T11616] RIP: 0033:0x7f997b33e247
[ 1828.893695][T11616] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[ 1828.913386][T11616] RSP: 002b:00007ffc332df688 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[ 1828.921805][T11616] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f997b33e247
[ 1828.929622][T11616] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc332df740
[ 1828.935263][T32385] Bluetooth: hci0: command 0x1001 tx timeout
[ 1828.940453][T11616] RBP: 00007ffc332df740 R08: 0000000000000000 R09: 0000000000000000
[ 1828.945283][T30289] Bluetooth: hci0: sending frame failed (-49)
[ 1828.952203][T11616] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc332e0810
[ 1828.965115][T11616] R13: 00007f997b3aa65d R14: 00000000001c85b5 R15: 0000000000000014
[ 1828.972944][T11616] ---[ end trace a3110f2908879db3 ]---
[ 1828.978294][T11616] ==================================================================
[ 1828.986065][T11616] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60
[ 1828.992135][T11616] Write of size 4 at addr 0000000000000170 by task syz-executor/11616
[ 1829.000113][T11616] 
[ 1829.002301][T11616] CPU: 0 PID: 11616 Comm: syz-executor Tainted: G        W         5.10.218-syzkaller-00638-g3feee789f446 #0
SYZFAIL: failed to recv rpc
fd=3 want=4 sent=0 n=0 (errno 9: Bad file descriptor)
[ 1829.013658][T11616] Hardware name: Google Google Com