last executing test programs:

3.462190433s ago: executing program 2 (id=154):
# Injects a single 0x3b6-byte Ethernet frame through syz_emit_ethernet.
# Visible header fields: EtherType 0x86dd (IPv6), next header 0x3a (ICMPv6),
# hop limit 0xff, payload length 0x380, a fe80:: @dev source and an @mcast2
# destination. The ICMPv6 body is an NDISC Router Advertisement (@ndisc_ra,
# type 0x86) followed by eight options, each given as {type, length, bytes}.
# Triage note: this drives the IPv6 neighbour-discovery receive path and its
# option parsing; compare the declared option lengths with the byte strings
# when checking how the parser bounds each option.
syz_emit_ethernet(0x3b6, &(0x7f0000000440)={@random="61fe71b72b5f", @link_local={0x17, 0x80, 0xc2, 0x2, 0x9, 0x3}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "001958", 0x380, 0x3a, 0xff, @dev={0xfe, 0x80, '\x00', 0x18}, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, [{0x3, 0xa, "a78ce5400659808000000003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42c60a5c15b37adac15084dbaf736b41e5af1802"}, {0x0, 0x1, "000000000000000026000400"}, {0x4, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d036397a0acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x6, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5c6186c0d3baa75af390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a000023f5acaa556b9f30dcab2b90aa235a670670ffc5dc49dfb58d89310000000000"}, {0x18, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743474671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68f2d2c6393a9f3becd1a9f51a948b5b303f4f003"}, {0x21, 0x7, "fcd1876deaf8e9264e6fa3ce2dff9281c9fe68a3000000006f0000044e43e740e077e1d16212fb00"/55}, {0x5, 0x14, 
"5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1eb91a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d96967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c000000000000000000"}, {0x0, 0x5, "090000000900000036da018dff16e70b8b1400000000e18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0)

3.461933827s ago: executing program 2 (id=155):
# Opens an rtnetlink socket and sends one @newlink request (nlmsg type 0x10).
# The request carries IFLA_LINKINFO with kind @geneve and an IFLA_ADDRESS
# attribute set to @broadcast. The declared message length (0x40) matches the
# iovec length passed to sendmsg.
# Triage note: exercises link creation and attribute validation for a geneve
# device; whether the request was accepted is not shown in this log.
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000d00)=@newlink={0x40, 0x10, 0x44b, 0x0, 0x0, {0x7a, 0x0, 0x0, 0x0, 0x0, 0x21018}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @broadcast}]}, 0x40}}, 0x80)

3.35136986s ago: executing program 2 (id=158):
# bpf() command 0x5 (program load) with the first two attr fields set to 0x1
# and 0x2 (presumably program type and instruction count - confirm against
# the syzkaller bpf description). The instruction blob literal is 9 bytes
# long and the license string is 'GPL'.
# Triage note: a load request for the BPF verifier; its verdict is not
# visible in this log.
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1, 0x2, &(0x7f00000018c0)=ANY=[@ANYBLOB="911062000000000095"], &(0x7f00000000c0)='GPL\x00'}, 0x94)

3.286909476s ago: executing program 2 (id=160):
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file0\x00', 0xa0835c, &(0x7f0000000080)={[{@bh}]}, 0x2, 0x44a, &(0x7f0000000880)="$eJzs281vFOUfAPDvzLbl9+OtFfEFRK0SY+NLSwsqBy8aTTxgNNEDHuu2EMJCDa2JECLVGLyYGBI9G48m/gXevBj1ZOJV74aEKBfQU83MzsDuslsobHcr+/kkA8+z82yf57vPPDPPzLMbwMAaz/5JIrZGxG8RMVrPNhcYr/939fLZ6t+Xz1aTWFl5688kL3fl8tlqWbR835YiM5FGpJ8kRSXNFk+fOT5bq82fKvJTSyfem1o8febZYydmj84fnT85c/Dggf3TLzw/81xX4sziurL7w4U9u15758Lr1cMX3v3p26y9W4v9jXF0y3gW+F8rudZ9T3S7sj7b1pBOhvrYENakEhFZdw3n4380KnG980bj1Y/72jhgXWXXpk2ddy+vAHexJPrdAqA/ygt9dv9bbj2aemwIl16q3wBlcV8ttvqeoUiLMsMt97fdNB4Rh5f/+SrbYp2eQwAANPqs+uWheKbd/C+N+xvKbS/WUMYi4p6I2BER90bEzoi4LyIv+0BEPLjG+luXhm6c/6QXbyuwW5TN/14s1raa53/l7C/GKkVuWx7/cHLkWG1+X/GZTMTwpiw/vUod37/y6+ed9jXO/7Itq7+cCxbtuDjU8oBubnZpNp+UdsGljyJ2D7WLP7m2EpBExK6I2L22P729TBx76ps9nQrdPP5VdGGdaeXriCfr/b8cLfGXktXXJ6f+F7X5fVPlUXGjn385/2an+u8o/i7I+n9z8/HfWmQsaVyvXVx7Hed//7TjPc3tHv8jydv5+WikeO2D2aWlU9MRI8mhPN/0+sz195b5snwW/8Te9uN/R/GeLP6HIiI7iB+OiEci4tGi7Y9FxOMRsXeV+H98ufO+jdD/c23Pf9eO/5b+X3uicvyH7zrVf2v9fyBPTRSv5Oe/m7jVBt7JZwcAAAD/FWn+HfgknbyWTtPJyfp3+HfG5rS2sLj09JGF90/O1b8rPxbDafmka7Theeh0slz8xXp+pnhWXO7fXzw3/qLy/zw/WV2ozfU5dhh0WzqM/8wflX63Dlh37dbRZkb60BCg51rHf9qcPfdGLxsD9JTfa8Pgusn4T3vVDqD3XP9hcLUb/+da8tYC4O7k+g+Dy/iHwWX8w+Ay/mEg3cnv+iUGORHphmiGxDol+n1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6I5/AwAA///K8u7c")
# Follows the syz_mount_image$ext4 call on the previous line (ext4 image
# mounted at ./file0 with the 'bh' option):
#   1. open '.' relative to AT_FDCWD (0xffffffffffffff9c) and set extended
#      file attributes on it with FS_IOC_FSSETXATTR;
#   2. stack an overlay mount on ./file0 whose lowerdir is '.';
#   3. open ./file0 again and call FS_IOC_FSGETXATTR with a NULL (0x0)
#      output pointer.
# Triage note: combines ext4 fsxattr handling with overlayfs layered on the
# same tree; step 3 also checks that the ioctl rejects a NULL user buffer.
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x1a1)
ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000000)={0xd2f0, 0x2000, 0x8, 0xadea})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, 0x0)

3.088252645s ago: executing program 2 (id=164):
# Opens the pty multiplexer (openat$ptmx), switches the tty's line discipline
# with TIOCSETD to number 0x7 (N_6PACK on Linux - confirm against the target
# kernel's tty.h), then feeds two input bytes (0xff, then 0x10) through
# TIOCSTI.
# Triage note: exercises a non-default line discipline's receive path on a
# pty; relevant when reviewing which ldiscs are built and loadable.
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x7)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000100)=0xff)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000280)=0x10)

2.771078448s ago: executing program 2 (id=169):
# Namespace/procfs/inotify mix:
#   - unshare() is called twice with different flag sets (0x22020400, then
#     0x24060400);
#   - two procfs entries are opened via syz_open_procfs: 'fd/3' and
#     'smaps_rollup' (the first argument selects which /proc task directory
#     is used - see the executor's syz_open_procfs helper);
#   - mprotect sets protection 0x1 on the first 0x3000 bytes of the data area;
#   - fchdir() moves the cwd onto the 'smaps_rollup' fd, so the later
#     './file0' is resolved relative to that fd;
#   - an inotify watch (mask 0x80000006) is requested on './file0'.
# Triage note: path resolution and inotify relative to a procfs file
# descriptor across an unshare(); outcomes are not shown in this log.
unshare(0x22020400)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='smaps_rollup\x00')
fchdir(r0)
r1 = inotify_init()
unshare(0x24060400)
inotify_add_watch(r1, &(0x7f0000000000)='./file0\x00', 0x80000006)

2.583017173s ago: executing program 32 (id=169):
# Second log entry for id=169, this time attributed to "program 32"; the
# eight calls are identical to the id=169 entry logged for program 2.
# Sequence: unshare, open procfs 'fd/3', mprotect the data area to 0x1, open
# procfs 'smaps_rollup', fchdir onto it, inotify_init, unshare again, then
# inotify_add_watch on './file0' (resolved relative to the fchdir target).
# Triage note: the same id appearing under two proc slots presumably means it
# was still running or re-queued when the log was captured - confirm against
# the syzkaller manager log.
unshare(0x22020400)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='smaps_rollup\x00')
fchdir(r0)
r1 = inotify_init()
unshare(0x24060400)
inotify_add_watch(r1, &(0x7f0000000000)='./file0\x00', 0x80000006)

1.697600106s ago: executing program 1 (id=176):
# Signal/timer setup followed by a clone:
#   - sigaltstack is given a NULL base, flags 0x80000000 and a very large
#     size (0x7e2c87a6242f95be);
#   - timer_create builds a timer whose sigevent targets the calling thread
#     (@tid=r0 from gettid) with signal number 0x21;
#   - timer_settime arms it with 0x989680 ns (10 ms) in both timespec fields;
#   - syz_clone(0x11, ...) then creates a child while the timer is armed.
# Triage note: periodic thread-directed signal delivery racing with process
# creation; the socketpair call's result pointer is NULL (0x0).
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sigaltstack(&(0x7f0000000040)={0x0, 0x80000000, 0x7e2c87a6242f95be}, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

1.301492205s ago: executing program 0 (id=179):
# Opens ./file1 relative to AT_FDCWD (0xffffffffffffff9c) with flags 0x42 and
# mode 0, then calls pwrite64 with a one-byte source literal ('2'), a count
# of 0xfffffffffffffee5 and a file offset of 0x8080c61.
# Triage note: the requested count is far larger than the source buffer, so
# this checks that the write path limits the length and fails cleanly on the
# user copy. Which filesystem backs ./file1 depends on mounts made by other
# programs and cannot be told from this entry alone.
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0xfffffffffffffee5, 0x8080c61)

1.301204138s ago: executing program 0 (id=180):
# io_uring close request mixed with mismatched fd types:
#   - VIDIOC_PREPARE_BUF is issued on fd 0xffffffffffffffff, so it presumably
#     fails before reaching any V4L2 driver;
#   - syz_io_uring_setup creates a ring (r0) and returns the two ring
#     mappings (r1, r2);
#   - 'cpu.stat' is opened through openat$cgroup_ro (r3), then receives a
#     UHID_CREATE2-typed write with an empty payload and length 0x118;
#   - mmap maps r3 at 0x7f0000000000 with flags 0x12, the same address that
#     the following syz_io_uring_submit uses for its SQE argument;
#   - an IORING_OP_CLOSE (opcode 0x13) SQE is queued and io_uring_enter is
#     called with to_submit 0x2d3e.
# Triage note: the write/mmap pairing is a fuzzer type mismatch, not a
# meaningful UHID operation.
ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000180)=@multiplanar_userptr={0x7, 0x7, 0x4, 0x0, 0x86, {}, {0x5, 0x1, 0xc1, 0x6a, 0x89, 0x5, "a8ed9837"}, 0xfff, 0x2, {0x0}, 0xffffffff})
r0 = syz_io_uring_setup(0x24f7, &(0x7f0000000b80)={0x0, 0x0, 0x10100, 0x0, 0x33a}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CLOSE={0x13, 0x8})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

1.176893127s ago: executing program 0 (id=181):
# 9p mount over a pipe that the same process feeds:
#   - pipe2$9p yields read end r0 and write end r1; an Rversion-typed blob
#     (0x15 bytes) is written into r1 before the mount;
#   - r2 = dup(r1); two further writes typed as FUSE messages put more bytes
#     into the same pipe (the second declares length 0x14c in its header but
#     writes 0x137 bytes);
#   - mount$9p_fd uses 'trans=fd' with rfdno=r0 and wfdno=r2 plus the
#     cache_readahead option, so the 9p client reads back whatever was queued
#     above as if it were server replies;
#   - truncate and openat$dir are then issued on the mount point ./file0.
# Triage note: 9p client handling of pre-seeded / malformed reply data on
# the fd transport.
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000500)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@cache_readahead}], [], 0x6b}})
truncate(&(0x7f0000000240)='./file0\x00', 0x206b12)
openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xa2f00, 0xa3)

989.347317ms ago: executing program 0 (id=182):
# Traffic-control (tc) netlink requests, mostly aimed at an invalid fd:
#   - a generic-netlink socket is created and its result discarded;
#   - r0 is a socket of family 0x2a; getsockname$packet on it is used to
#     obtain r1, which later fills the ifindex slot of the tc messages;
#   - TIPC_NL_LINK_GET and both nl_route_sched messages (@newqdisc with kind
#     drr; @newtfilter with kind flower carrying a connmark action) are sent
#     on fd 0xffffffffffffffff, so they presumably fail at fd lookup and
#     never reach the parsers;
#   - sendmmsg on a fresh netlink socket (r2) passes vlen 0x40000000000009f.
# Triage note: as logged, only the final sendmmsg targets a valid socket.
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000140)=@newtfilter={0x98, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {0xfffa}, {}, {0x1c, 0xfff9}}, [@filter_kind_options=@f_flower={{0xb}, {0x60, 0x2, [@TCA_FLOWER_ACT={0x54, 0x3, [@m_connmark={0x50, 0x1, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xfffffff8, 0xfff, 0x0, 0x5, 0xb}, 0x3}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x3, 0x3}}}}]}, @TCA_FLOWER_FLAGS={0x8, 0x16, 0x12}]}}, @TCA_RATE={0x6, 0x5, {0x7, 0x81}}]}, 0x98}}, 0x24000000)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)

769.862943ms ago: executing program 1 (id=183):
# Sends one generic-netlink message (declared length 0x38, nlmsg type 0x3c)
# built from nested attributes: an empty nested attribute (type 0xfc), a
# nested attribute wrapping a short string, a nested-in-nested attribute, and
# a u64 attribute with value 0xffffffffffffff78.
# Triage note: attribute parsing and policy validation for whichever genl
# family is registered under id 0x3c on the target - the family cannot be
# identified from this log.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x38, 0x3c, 0x107, 0x0, 0x0, {0x1, 0x7c}, [@nested={0x4, 0xfc}, @nested={0xc, 0x1, 0x0, 0x1, [@typed={0x6, 0x6, 0x0, 0x0, @str='\x80\n'}]}, @nested={0x8, 0x2, 0x0, 0x1, [@nested={0x4, 0x72}]}, @typed={0xc, 0x5, 0x0, 0x0, @u64=0xffffffffffffff78}]}, 0x38}, 0x1, 0x0, 0x0, 0xc000}, 0xc000)

704.723453ms ago: executing program 1 (id=184):
# Sends a raw netlink message (declared length 0x114, type 0x1f) on an RDMA
# netlink socket. Its single nested attribute (length 0x102) holds three
# children: an IPv6 loopback address, an IPv6 @dev address whose length field
# is written as 0xfffffffffffffe78, and an opaque byte string.
# Triage note: the out-of-range child length makes this a test of nested
# attribute length validation on the nl_rdma receive path.
r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)={0x114, 0x1f, 0x1, 0x0, 0x80000, "", [@nested={0x102, 0x0, 0x0, 0x1, [@typed={0x14, 0x3, 0x0, 0x0, @ipv6=@loopback}, @typed={0xfffffffffffffe78, 0x1, 0x0, 0x0, @ipv6=@dev}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b504681000000000000009ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a487f26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec58e9a3ddb9ad02a078cf0d972df9e99f079767734f69ce475f55ac64337803f5eb4e5842f4d98fe3fa370d47eb640dc5061dc35817"]}]}, 0x114}], 0x1}, 0x140000c4)

628.507742ms ago: executing program 1 (id=185):
# Rewrites the caller's capability sets with capset (header version
# 0x20080522; data words 0x1000, 0x10ffff, 0xfffffffd), then opens a SCSI
# generic device and issues SG_IO (ioctl 0x2285) with a 6-byte command block
# "ea3513000000" and a scatter descriptor that is all zeroes.
# Triage note: SCSI passthrough command filtering under a modified
# capability set; whether capset succeeded is not shown in this log.
capset(&(0x7f0000000080)={0x20080522}, &(0x7f0000000040)={0x1000, 0x10ffff, 0xfffffffd})
r0 = syz_open_dev$sg(&(0x7f00000001c0), 0x0, 0x0)
ioctl$SG_IO(r0, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x6, 0x6b, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="ea3513000000", 0x0, 0x0, 0x14, 0x0, 0x0})

560.952135ms ago: executing program 1 (id=186):
# nl80211 key query: looks up the interface index of 'wlan0' (SIOCGIFINDEX,
# result in r1), resolves the nl80211 generic-netlink family id (r2), then
# sends NL80211_CMD_GET_KEY for that interface with an NL80211_ATTR_MAC
# attribute set to @device_b.
# Triage note: exercises the cfg80211 get-key handler against the simulated
# wlan0 device that appears in the console output.
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_GET_KEY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)={0x28, r2, 0x1, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}, 0x1, 0x0, 0x0, 0x48019}, 0x20000000)

297.447596ms ago: executing program 1 (id=187):
# BPF raw tracepoint attached to an io_uring event, then io_uring activity:
#   - bpf$PROG_LOAD loads an 0xb-instruction program (first attr field 0x11,
#     license 'GPL'); BPF_RAW_TRACEPOINT_OPEN attaches it to the tracepoint
#     named 'io_uring_defer';
#   - syz_io_uring_setup creates a ring (r1) with mappings r2/r3;
#   - syz_memcpy_off writes the 4-byte value 0xfffffff8 at offset 0x4 of the
#     shared ring mapping r2;
#   - an IORING_OP_READ SQE using a registered buffer is queued with the ring
#     fd itself (r1) as its target fd;
#   - bpf$ENABLE_STATS is called, then io_uring_enter submits 0x6e2 entries.
# Triage note: io_uring request deferral observed by a BPF tracepoint program
# while userspace has altered a shared ring field.
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000500)='io_uring_defer\x00', r0, 0x0, 0x10000}, 0x18)
r1 = syz_io_uring_setup(0x5bf, &(0x7f0000000440)={0x0, 0x7aca, 0x400, 0x1, 0x294}, &(0x7f0000000240)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000004c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x6, 0x4000, @fd=r1, 0x9002, 0x0, 0x0, 0x4, 0x1, {0x3}})
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
io_uring_enter(r1, 0x6e2, 0x3900, 0x1, 0x0, 0x2000)

296.987096ms ago: executing program 0 (id=188):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000180)='./file2\x00', 0xa00010, &(0x7f00000001c0), 0x21, 0x4bf, &(0x7f00000009c0)="$eJzs3U9vVF0ZAPDn3nbon7fv26Is1KggomgIM+0AlbDCjcYQEiNx5QJqOzRNZzpNZ4q0sijfwUQSV7rwA7gwcWHCyr073bnBhQkq0VATF2PmzhQKnSlF2s6b3t8vObn33DOd5zyd3HPaM+2cAHLrXERsRcSpiLgXEZPd60m3xM1OaT/u5YtH89svHs0n0Wrd+UeStbevxa6vafuo+5yjEfGD70b8ONkbt7GxuTxXrVbWuvVSs7ZaamxsXl6qzS1WFisr5fLszOz09SvXyoeW69nab55/Z+nWD3//uy89++PWN3/a7tZEt213Hoepk3rhVZy24Yi4dRTBBmCom8+pQXeE/0saEZ+JiPPZ/T8ZQ9mrCQCcZK3WZLQmd9cBgJMuzdbAkrQYUeicp2mx2FnDOxPjabXeaF66X19fWeislU1FIb2/VK1Md9cKp6KQtOsz2fnrevmt+pWIOB0RPxsZy+rF+Xp1YZA/+ABAjn30ev7P3gv490hn/gcATrjRQXcAADh25n8AyB/zPwDkj/kfAPLH/A8A+WP+B4D8Mf8DQK58//btdmltdz//euHBxvpy/cHlhUpjuVhbny/O19dWi4v1+mL2mT21dz1ftV5fnbka6w9LzUqjWWpsbN6t1ddXmnezz/W+WykcS1YAwH5On3365yQitm6MZSV27eVgroaTLR10B4CBGRp0B4CBsdsX5Jff8YEeW/S+ofMnQmN7G54cTX+Ao3fx89b/Ia+s/0N+Wf+H/LL+D/nVaiX2/AeAnLHGDxzs/f8evP8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAjk1kJUmL3b3AJyJNi8WIjyNiKgrJ/aVqZToiPomIP40URtr1mUF3GgD4QOnfku7+XxcnL0y83Xoq+c9IdoyIn/zizs8fzjWbazPt6//sXP/WWMST7vXyIPoPAHk09F6P3pmnd+bxHS9fPJrfKYffx/6ef7uzuWg77na3dFqGYzg7jkYhIsb/lXTrHcl7Z97b1uOI+Fyv/JNsbWSqu/Pp2/HbsT8+1vjpG/HTrK1zbH8vPnsIfYG8edoef272uv/SOJcde9//o9kI9eF2xr/tPeNf+mr8G+oz/p07SICxX0dc/cP3+sZ/HPGF4V7xk1fxkz7xLxwwx7988cvn+7W1fhlxMXrH3x2r1Kytlhobm5eXanOLlcXKSrk8OzM7ff3KtXIpW6Mu7axU7/X3G5c+2S//8T7xR9+R/9cOmP+v/nvvR1/ZJ/43vtr79T+zT/z2nPj1A8afG/9t3+272/EX+uT/rtf/0gHjP/vr5sIBHwoAHIPGxubyXLVaWRv0yU6HPi39ceIk1yeDHZeAo/f6ph90TwAAAAAAAAAAAAAAgH6O49+JBp0jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ9f/AgAA//9gOtV4")
# Follows the syz_mount_image$ext4 call on the previous line, which mounts a
# fuzzer-generated ext4 image at ./file2 with a non-zero change-directory
# argument (0x21). If that mount and chdir took effect, './file1' below is
# resolved inside the mounted image - confirm against the executor's
# syz_mount_image helper.
# Triage note: file open/create (flags 0x145142) on a deliberately
# inconsistent ext4 image.
open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)

0s ago: executing program 0 (id=189):
# Last program logged (0s ago). Resolves the NetLabel "unlabeled" generic
# netlink family (r1) and sends NLBL_UNLABEL_C_STATICREMOVEDEF with two
# attributes: NLBL_UNLABEL_A_IPV6ADDR declared with length 0x11 and filled
# with an IPv4-mapped multicast address, and NLBL_UNLABEL_A_IPV6MASK set to
# @private0.
# Triage note: address/mask attribute validation in the NetLabel unlabeled
# static-entry removal handler. Being last in the log does not by itself
# make this the triggering program; correlate with the crash report.
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000800), r0)
sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(r0, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000840)={0x3c, r1, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x11, 0x2, @ipv4={'\x00', '\xff\xff', @multicast1}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private0}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000801}, 0x448c0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:7903' (ED25519) to the list of known hosts.
syzkaller login: [   56.860323][ T5777] cgroup: Unknown subsys name 'net'
[   56.929058][ T5777] cgroup: Unknown subsys name 'cpuset'
[   56.934813][ T5777] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   59.262396][ T5777] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   65.476193][ T5237] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   65.480379][ T5237] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   65.484395][ T5237] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   65.487894][ T5237] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   65.491542][ T5237] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   65.509942][ T5856] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   65.513714][   T54] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   65.518365][   T54] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   65.522823][   T54] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   65.526464][   T54] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   65.633543][   T54] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   65.637273][   T54] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   65.640536][   T54] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   65.645234][   T54] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   65.648866][   T54] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   65.818986][ T5854] chnl_net:caif_netlink_parms(): no params data found
[   65.863193][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   65.980459][ T5854] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.985727][ T5854] bridge0: port 1(bridge_slave_0) entered disabled state
[   65.989041][ T5854] bridge_slave_0: entered allmulticast mode
[   65.993400][ T5854] bridge_slave_0: entered promiscuous mode
[   66.013448][ T5854] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.016488][ T5854] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.019557][ T5854] bridge_slave_1: entered allmulticast mode
[   66.023134][ T5854] bridge_slave_1: entered promiscuous mode
[   66.047534][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.050315][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.053303][ T5850] bridge_slave_0: entered allmulticast mode
[   66.056183][ T5850] bridge_slave_0: entered promiscuous mode
[   66.059192][ T5861] chnl_net:caif_netlink_parms(): no params data found
[   66.079386][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.082043][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.084861][ T5850] bridge_slave_1: entered allmulticast mode
[   66.087845][ T5850] bridge_slave_1: entered promiscuous mode
[   66.094351][ T5854] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.114648][ T5854] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.152424][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.173341][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.177273][ T5854] team0: Port device team_slave_0 added
[   66.186982][ T5854] team0: Port device team_slave_1 added
[   66.246775][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.249768][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.258191][ T5854] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.263886][ T5854] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.266083][ T5854] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.275137][ T5854] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.279913][ T5850] team0: Port device team_slave_0 added
[   66.282399][ T5861] bridge0: port 1(bridge_slave_0) entered blocking state
[   66.285563][ T5861] bridge0: port 1(bridge_slave_0) entered disabled state
[   66.287797][ T5861] bridge_slave_0: entered allmulticast mode
[   66.290504][ T5861] bridge_slave_0: entered promiscuous mode
[   66.300300][ T5861] bridge0: port 2(bridge_slave_1) entered blocking state
[   66.303844][ T5861] bridge0: port 2(bridge_slave_1) entered disabled state
[   66.306554][ T5861] bridge_slave_1: entered allmulticast mode
[   66.309994][ T5861] bridge_slave_1: entered promiscuous mode
[   66.315281][ T5850] team0: Port device team_slave_1 added
[   66.340457][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.343094][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.352890][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.397351][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.399776][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.409256][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.419909][ T5861] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   66.437868][ T5854] hsr_slave_0: entered promiscuous mode
[   66.440482][ T5854] hsr_slave_1: entered promiscuous mode
[   66.447146][ T5861] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   66.536572][ T5861] team0: Port device team_slave_0 added
[   66.554537][ T5850] hsr_slave_0: entered promiscuous mode
[   66.557807][ T5850] hsr_slave_1: entered promiscuous mode
[   66.560757][ T5850] debugfs: 'hsr0' already exists in 'hsr'
[   66.563830][ T5850] Cannot create hsr debugfs directory
[   66.568024][ T5861] team0: Port device team_slave_1 added
[   66.629570][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_0
[   66.633131][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.642209][ T5861] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   66.671044][ T5861] batman_adv: batadv0: Adding interface: batadv_slave_1
[   66.675616][ T5861] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   66.684737][ T5861] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   66.819248][ T5861] hsr_slave_0: entered promiscuous mode
[   66.825089][ T5861] hsr_slave_1: entered promiscuous mode
[   66.828041][ T5861] debugfs: 'hsr0' already exists in 'hsr'
[   66.830367][ T5861] Cannot create hsr debugfs directory
[   66.960089][ T5854] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   66.975137][ T5854] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   66.985701][ T5854] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   67.003059][ T5854] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   67.093457][ T5850] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   67.105898][ T5850] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   67.114795][ T5850] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   67.144191][ T5850] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   67.219542][ T5861] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   67.227309][ T5861] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   67.234436][ T5861] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   67.250672][ T5861] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   67.318110][ T5854] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.337271][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.357835][ T5854] 8021q: adding VLAN 0 to HW filter on device team0
[   67.377794][ T3609] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.380427][ T3609] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.397411][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   67.403450][ T1089] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.406624][ T1089] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.423119][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.426276][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.450316][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.453535][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.487082][ T5861] 8021q: adding VLAN 0 to HW filter on device bond0
[   67.551130][ T5861] 8021q: adding VLAN 0 to HW filter on device team0
[   67.595037][ T1090] bridge0: port 1(bridge_slave_0) entered blocking state
[   67.598387][ T1090] bridge0: port 1(bridge_slave_0) entered forwarding state
[   67.602744][ T5853] Bluetooth: hci1: command tx timeout
[   67.602838][   T54] Bluetooth: hci0: command tx timeout
[   67.607465][ T1090] bridge0: port 2(bridge_slave_1) entered blocking state
[   67.610874][ T1090] bridge0: port 2(bridge_slave_1) entered forwarding state
[   67.670620][ T5854] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.674127][   T54] Bluetooth: hci2: command tx timeout
[   67.715159][ T5854] veth0_vlan: entered promiscuous mode
[   67.723938][ T5854] veth1_vlan: entered promiscuous mode
[   67.757463][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.769454][ T5854] veth0_macvtap: entered promiscuous mode
[   67.781136][ T5854] veth1_macvtap: entered promiscuous mode
[   67.811168][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_0
[   67.826255][ T5854] batman_adv: batadv0: Interface activated: batadv_slave_1
[   67.839390][ T5850] veth0_vlan: entered promiscuous mode
[   67.851084][ T5861] 8021q: adding VLAN 0 to HW filter on device batadv0
[   67.856373][ T5881] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   67.866765][ T5881] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   67.873256][ T5850] veth1_vlan: entered promiscuous mode
[   67.876399][ T5881] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   67.881131][ T5881] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   67.931361][ T5850] veth0_macvtap: entered promiscuous mode
[   67.955718][ T5850] veth1_macvtap: entered promiscuous mode
[   67.996103][ T5861] veth0_vlan: entered promiscuous mode
[   68.002758][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.011647][ T3609] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.019036][ T3609] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.024438][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.029639][ T5861] veth1_vlan: entered promiscuous mode
[   68.053453][ T5881] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.066572][ T5881] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.071306][ T3609] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.078597][ T3609] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.082899][ T5881] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.099613][ T5881] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.108385][ T5861] veth0_macvtap: entered promiscuous mode
[   68.127743][ T5861] veth1_macvtap: entered promiscuous mode
[   68.158589][ T5854] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   68.170782][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_0
[   68.202537][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.204770][ T5861] batman_adv: batadv0: Interface activated: batadv_slave_1
[   68.211864][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.254354][ T5882] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   68.257108][ T5882] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   68.260462][ T5882] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   68.272030][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.274987][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.279467][ T5882] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   68.389047][ T3609] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.398050][ T3609] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   68.443130][ T3609] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   68.447117][ T3609] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   69.672092][   T54] Bluetooth: hci0: command tx timeout
[   69.672265][ T5853] Bluetooth: hci1: command tx timeout
[   69.752534][ T5853] Bluetooth: hci2: command tx timeout
[   69.982714][ T5943] loop0: detected capacity change from 0 to 1024
[   69.985697][ T5943] =======================================================
[   69.985697][ T5943] WARNING: The mand mount option has been deprecated and
[   69.985697][ T5943]          and is ignored by this kernel. Remove the mand
[   69.985697][ T5943]          option from the mount to silence this warning.
[   69.985697][ T5943] =======================================================
[   70.014411][ T5943] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (7780!=20869)
[   70.030365][ T5943] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[   70.034492][ T5943] EXT4-fs (loop0): invalid journal inode
[   70.036425][ T5943] EXT4-fs (loop0): can't get journal size
[   70.040762][ T5943] EXT4-fs error (device loop0): ext4_map_blocks:778: inode #3: block 17104912: comm syz.0.12: lblock 2 mapped to illegal pblock 17104912 (length 1)
[   70.051025][ T5943] EXT4-fs (loop0): failed to initialize system zone (-117)
[   70.057428][ T5943] EXT4-fs (loop0): mount failed
[   70.307290][ T5962] netlink: 44 bytes leftover after parsing attributes in process `syz.1.17'.
[   70.402416][   T47] usb 1-1: new low-speed USB device number 2 using dummy_hcd
[   70.424210][ T5964] loop1: detected capacity change from 0 to 8192
[   70.427595][ T5964] msdos: Unknown parameter 'dk'
[   70.504761][ T5967] loop1: detected capacity change from 0 to 1024
[   70.507653][ T5967] EXT4-fs: inline encryption not supported
[   70.509456][ T5967] EXT4-fs: Ignoring removed bh option
[   70.539161][ T5967] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   70.555649][   T47] usb 1-1: unable to get BOS descriptor or descriptor too short
[   70.559896][   T47] usb 1-1: config 9 has an invalid interface number: 166 but max is 1
[   70.563179][   T47] usb 1-1: config 9 has an invalid interface number: 224 but max is 1
[   70.565805][   T47] usb 1-1: config 9 has no interface number 0
[   70.567673][   T47] usb 1-1: config 9 has no interface number 1
[   70.569526][   T47] usb 1-1: config 9 interface 166 has no altsetting 0
[   70.571662][   T47] usb 1-1: config 9 interface 224 has no altsetting 0
[   70.577524][   T47] usb 1-1: string descriptor 0 read error: -22
[   70.579627][   T47] usb 1-1: New USB device found, idVendor=06f8, idProduct=3002, bcdDevice=d8.0a
[   70.580003][ T5967] EXT4-fs error (device loop1): mb_free_blocks:2017: group 0, inode 15: block 241:freeing already freed block (bit 15); block bitmap corrupt.
[   70.585876][   T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   70.588632][ T5967] EXT4-fs (loop1): Remounting filesystem read-only
[   70.639115][ T5861] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   70.810404][   T47] usb 1-1: USB disconnect, device number 2
[   70.899452][ T5976] loop1: detected capacity change from 0 to 32768
[   70.923881][ T5976] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[   70.965760][ T5861] ocfs2: Unmounting device (7,1) on (node local)
[   71.037361][ T1362] ieee802154 phy0 wpan0: encryption failed: -22
[   71.039549][ T1362] ieee802154 phy1 wpan1: encryption failed: -22
[   71.416235][ T5992] loop1: detected capacity change from 0 to 32768
[   71.420696][ T5992] bcachefs (/dev/loop1): error validating superblock: Invalid superblock section replicas: no devices in entry sb: 33/0 []
[   71.420696][ T5992] replicas (size 24):
[   71.420696][ T5992] btree: 0/1 [2] sb: 33/0 [] (unknown data_type 144): 56/184 [0 0 0 0 0 0 108 1 0 0 6 0 0 0 0 0 0 0 0 0 0 0 10 0 0 0 0 0 0 0 1 0 1 0 5 0 0 0 8 0 0 0 0 0 0 0 1 0 2 0 5 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 5 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 5 0 0 0 0 0 0 0 0 0 0 0 1 0 0 2 5 0 0 0 0 0 0 0 0 0 0 0 1 0 0 3 5 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 6 0 0 0 0 11 0 0 0 0 0 0 3 1 1 0 0 0 0 0 2 0 0 0 6 0 0 0 0 0 0 0 0 0 0 0 2 1 1 0 0 0 0 0 2 0 0 0 6 0 0 0 16 0]
[   71.420696][ T5992] 
[   71.447449][ T5992] bcachefs: bch2_fs_get_tree() error: invalid_replicas_entry
[   71.713191][ T5998] loop0: detected capacity change from 0 to 32768
[   71.751850][   T24] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   71.754384][ T5853] Bluetooth: hci1: command tx timeout
[   71.754425][   T54] Bluetooth: hci0: command tx timeout
[   71.811257][ T5998] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,erasure_code,degraded=yes,no_splitbrain_check,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,nocow
[   71.811275][ T5998]   allowing incompatible features above 0.0: (unknown version)
[   71.811281][ T5998]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[   71.826117][ T5998] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0
[   71.829595][ T5998] bcachefs (loop0): recovering from clean shutdown, journal seq 10
[   71.832285][   T54] Bluetooth: hci2: command tx timeout
[   71.835866][ T5998] bcachefs (loop0): Version upgrade required:
[   71.835866][ T5998] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[   71.835866][ T5998] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[   71.835866][ T5998]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[   71.864228][ T5998] bcachefs (loop0): dropping and reconstructing all alloc info
[   71.880859][ T5998] bcachefs (loop0): accounting_read... done
[   71.886337][ T5998] bcachefs (loop0): alloc_read... done
[   71.888413][ T5998] bcachefs (loop0): snapshots_read... done
[   71.891095][ T5998] bcachefs (loop0): done starting filesystem
[   71.912053][   T24] usb 2-1: Using ep0 maxpacket: 8
[   71.915231][   T24] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x99, changing to 0x89
[   71.923348][   T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has an invalid bInterval 0, changing to 7
[   71.934961][   T24] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e
[   71.937952][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   71.942033][   T24] usb 2-1: Product: syz
[   71.944632][   T24] usb 2-1: Manufacturer: syz
[   71.948699][   T24] usb 2-1: SerialNumber: syz
[   71.960857][ T5854] bcachefs (loop0): shutting down
[   71.962314][   T24] usb 2-1: config 0 descriptor??
[   72.001769][ T5854] bcachefs (loop0): shutdown complete
[   72.051806][   T24] rc_core: IR keymap rc-streamzap not found
[   72.053814][   T24] Registered IR keymap rc-empty
[   72.057182][   T24] rc rc0: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0
[   72.062414][   T24] input: Streamzap PC Remote Infrared Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input4
[   72.186160][   T24] usb 2-1: USB disconnect, device number 2
[   72.843887][ T6015] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[   72.846829][ T6015] IPv6: NLM_F_CREATE should be set when creating new route
[   72.851327][ T6015] lo: entered allmulticast mode
[   72.857262][ T6015] tunl0: entered allmulticast mode
[   72.861226][ T6015] gre0: entered allmulticast mode
[   72.870666][ T6015] gretap0: entered allmulticast mode
[   72.875970][ T6015] erspan0: entered allmulticast mode
[   72.879498][ T6015] ip_vti0: entered allmulticast mode
[   72.883118][ T6015] ip6_vti0: entered allmulticast mode
[   72.886953][ T6015] sit0: entered allmulticast mode
[   72.891422][ T6015] ip6tnl0: entered allmulticast mode
[   72.895041][ T6015] ip6gre0: entered allmulticast mode
[   72.898511][ T6015] syz_tun: entered allmulticast mode
[   72.903127][ T6015] ip6gretap0: entered allmulticast mode
[   72.909930][ T6015] bridge0: port 2(bridge_slave_1) entered disabled state
[   72.913470][ T6015] bridge0: port 1(bridge_slave_0) entered disabled state
[   72.918166][ T6015] bridge0: entered allmulticast mode
[   72.923679][ T6015] vcan0: entered allmulticast mode
[   72.929999][ T6015] bond0: entered allmulticast mode
[   72.932313][ T6015] bond_slave_0: entered allmulticast mode
[   72.934440][ T6015] bond_slave_1: entered allmulticast mode
[   72.941542][ T6015] team0: entered allmulticast mode
[   72.944585][ T6015] team_slave_0: entered allmulticast mode
[   72.946837][ T6015] team_slave_1: entered allmulticast mode
[   72.954807][ T6015] dummy0: entered allmulticast mode
[   72.960124][ T6015] nlmon0: entered allmulticast mode
[   72.963785][ T6015] caif0: entered allmulticast mode
[   72.965792][ T6015] batadv0: entered allmulticast mode
[   72.970154][ T6015] vxcan0: entered allmulticast mode
[   72.973013][ T6015] vxcan1: entered allmulticast mode
[   72.978379][ T6015] veth0: entered allmulticast mode
[   72.984039][ T6015] veth1: entered allmulticast mode
[   72.988366][ T6015] wg0: entered allmulticast mode
[   72.991558][ T6015] wg1: entered allmulticast mode
[   72.995118][ T6015] wg2: entered allmulticast mode
[   72.998931][ T6015] veth0_to_bridge: entered allmulticast mode
[   73.005841][ T6015] veth1_to_bridge: entered allmulticast mode
[   73.013516][ T6015] veth0_to_bond: entered allmulticast mode
[   73.018679][ T6015] veth1_to_bond: entered allmulticast mode
[   73.024331][ T6015] veth0_to_team: entered allmulticast mode
[   73.034955][ T6015] veth1_to_team: entered allmulticast mode
[   73.043246][ T6015] veth0_to_batadv: entered allmulticast mode
[   73.046930][ T6015] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   73.049533][ T6015] batadv_slave_0: entered allmulticast mode
[   73.054493][ T6015] veth1_to_batadv: entered allmulticast mode
[   73.058287][ T6015] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   73.060878][ T6015] batadv_slave_1: entered allmulticast mode
[   73.064769][ T6015] xfrm0: entered allmulticast mode
[   73.068010][ T6015] veth0_to_hsr: entered allmulticast mode
[   73.072434][ T6015] hsr_slave_0: entered allmulticast mode
[   73.075952][ T6015] veth1_to_hsr: entered allmulticast mode
[   73.079590][ T6015] hsr_slave_1: entered allmulticast mode
[   73.084691][ T6015] hsr0: entered allmulticast mode
[   73.088337][ T6015] veth1_virt_wifi: entered allmulticast mode
[   73.093141][ T6015] veth0_virt_wifi: entered allmulticast mode
[   73.096994][ T6015] net veth1_virt_wifi virt_wifi0: entered allmulticast mode
[   73.099892][ T6015] veth1_vlan: entered allmulticast mode
[   73.104087][ T6015] veth0_vlan: entered allmulticast mode
[   73.113956][ T6015] vlan0: entered allmulticast mode
[   73.115672][ T6015] vlan1: entered allmulticast mode
[   73.117979][ T6015] macvlan0: entered allmulticast mode
[   73.127340][ T6015] macvlan1: entered allmulticast mode
[   73.134524][ T6015] ipvlan0: entered allmulticast mode
[   73.138858][ T6015] ipvlan1: entered allmulticast mode
[   73.142256][ T6015] veth1_macvtap: entered allmulticast mode
[   73.146191][ T6015] veth0_macvtap: entered allmulticast mode
[   73.150916][ T6015] macvtap0: entered allmulticast mode
[   73.157339][ T6015] macsec0: entered allmulticast mode
[   73.166069][ T6015] geneve0: entered allmulticast mode
[   73.175726][ T6015] geneve1: entered allmulticast mode
[   73.197817][ T6015] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[   73.203415][ T6015] netdevsim netdevsim1 netdevsim1: entered allmulticast mode
[   73.208373][ T6015] netdevsim netdevsim1 netdevsim2: entered allmulticast mode
[   73.215379][ T6015] netdevsim netdevsim1 netdevsim3: entered allmulticast mode
[   73.226659][ T6015] mac80211_hwsim hwsim6 wlan0: entered allmulticast mode
[   73.235975][ T6015] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[   73.239735][ T6015] sit1: entered allmulticast mode
[   73.261897][   T12] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.265229][   T12] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.304775][   T12] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.307589][   T12] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   73.470956][ T6034] loop2: detected capacity change from 0 to 512
[   73.481198][ T6034] EXT4-fs: Ignoring removed bh option
[   73.514237][ T6034] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[   73.525745][ T6034] EXT4-fs (loop2): invalid journal inode
[   73.534117][ T6034] EXT4-fs (loop2): can't get journal size
[   73.550894][ T6034] EXT4-fs (loop2): 1 truncate cleaned up
[   73.552905][ T6042] loop0: detected capacity change from 0 to 1024
[   73.563379][ T6034] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   73.615968][ T6034] Device name not specified.
[   73.615968][ T6034] 
[   73.619869][ T1089] hfsplus: b-tree write err: -5, ino 4
[   73.655266][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   73.832341][   T54] Bluetooth: hci0: command tx timeout
[   73.842970][   T54] Bluetooth: hci1: command tx timeout
[   73.912047][   T54] Bluetooth: hci2: command tx timeout
[   73.997905][ T6059] syz.1.56 uses obsolete (PF_INET,SOCK_PACKET)
[   74.494326][ T6063] loop0: detected capacity change from 0 to 32768
[   74.498868][ T6063] XFS: ikeep mount option is deprecated.
[   74.529370][ T6063] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   74.604587][ T6063] XFS (loop0): Ending clean mount
[   74.613895][ T6063] XFS (loop0): Quotacheck needed: Please wait.
[   74.623985][ T3609] XFS (loop0): Metadata CRC error detected at xfs_rmapbt_read_verify+0x42/0xe0, xfs_rmapbt block 0x14 
[   74.627522][ T3609] XFS (loop0): Unmount and run xfs_repair
[   74.629368][ T3609] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[   74.636471][ T3609] 00000000: 52 4d 42 33 00 00 00 0c ff ff ff ff ff ff ff ff  RMB3............
[   74.643955][ T3609] 00000010: 00 00 00 00 00 00 00 14 00 00 00 01 00 00 00 80  ................
[   74.651985][ T3609] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91  ..G...N..b..1...
[   74.658799][ T3609] 00000030: 00 00 00 00 5b af 3b 1d 00 00 00 00 00 00 00 01  ....[.;.........
[   74.662368][ T3609] 00000040: ff ff ff ff ff ff ff fd 00 00 00 00 00 00 00 00  ................
[   74.665415][ T3609] 00000050: 00 00 00 01 00 00 00 02 ff ff ff ff ff ff ff fb  ................
[   74.668361][ T3609] 00000060: 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 02  ................
[   74.671382][ T3609] 00000070: ff ff ff ff ff ff ff fa 00 00 00 00 00 00 00 00  ................
[   74.677533][ T3609] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x290/0x470" at daddr 0x14 len 4 error 74
[   74.688201][ T3609] XFS (loop0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x517/0x8e0 (fs/xfs/xfs_trans_buf.c:311).  Shutting down filesystem.
[   74.694655][ T3609] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[   74.715396][ T6063] XFS (loop0): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[   74.719140][ T6063] XFS (loop0): Error -5 reserving per-AG metadata reserve pool.
[   75.075596][   T24] libceph: connect (1)[c::]:6789 error -101
[   75.080118][   T24] libceph: mon0 (1)[c::]:6789 connect error
[   75.223587][ T6079] ceph: No mds server is up or the cluster is laggy
[   75.282291][   T95] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   75.434153][   T95] usb 2-1: Using ep0 maxpacket: 16
[   75.453367][   T95] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[   75.468180][   T95] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[   75.477468][   T95] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   75.505519][   T95] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[   75.515993][   T95] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   75.525951][   T95] usb 2-1: Product: syz
[   75.527474][   T95] usb 2-1: Manufacturer: syz
[   75.529974][   T95] usb 2-1: SerialNumber: syz
[   75.780312][   T95] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found
[   75.857668][   T95] usb 2-1: USB disconnect, device number 3
[   75.948465][ T5860] udevd[5860]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[   76.066472][ T6087] loop2: detected capacity change from 0 to 32768
[   76.080320][ T6087] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.64 (6087)
[   76.115467][ T6087] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   76.123305][ T6087] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[   76.129136][ T6087] BTRFS info (device loop2): using free-space-tree
[   76.401107][ T5850] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   76.779489][ T6106] mmap: syz.0.65 (6106) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[   76.896223][ T6118] loop2: detected capacity change from 0 to 32768
[   76.905854][ T6118] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.70 (6118)
[   76.934980][ T6118] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   76.938639][ T6118] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[   77.033125][ T6118] BTRFS info (device loop2): rebuilding free space tree
[   77.046035][ T6136] loop0: detected capacity change from 0 to 512
[   77.050133][ T6136] EXT4-fs (loop0): can't read group descriptor 0
[   77.074224][ T6118] BTRFS info (device loop2): disabling free space tree
[   77.076511][ T6118] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[   77.091436][ T6118] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[   77.151584][ T6140] netlink: 20 bytes leftover after parsing attributes in process `syz.0.73'.
[   77.154505][ T6118] overlayfs: conflicting lowerdir path
[   77.161584][ T6118] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[   77.231511][ T5850] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   77.640518][ T6166] evm: overlay not supported
[   77.982720][ T5916] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[   78.138435][ T5916] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[   78.143655][ T5916] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10
[   78.148386][ T5916] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 255, setting to 64
[   78.153147][ T5916] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[   78.158244][ T5916] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.214062][ T5916] usb 3-1: config 0 descriptor??
[   78.226099][ T6170] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[   78.249494][ T5916] hub 3-1:0.0: bad descriptor, ignoring hub
[   78.261142][ T5916] hub 3-1:0.0: probe with driver hub failed with error -5
[   78.676135][ T5916] elan 0003:04F3:0755.0001: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.2-1/input0
[   78.891865][ T6190] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[   78.922310][   T24] usb 3-1: USB disconnect, device number 2
[   79.691835][ T5916] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[   79.843317][ T5916] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[   79.846976][ T5916] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[   79.851091][ T5916] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[   79.857422][ T5916] usb 1-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[   79.860613][ T5916] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   79.863610][ T5916] usb 1-1: Product: syz
[   79.865020][ T5916] usb 1-1: Manufacturer: syz
[   79.866576][ T5916] usb 1-1: SerialNumber: syz
[   79.873618][ T5916] usb 1-1: config 0 descriptor??
[   79.876020][ T6202] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   79.879128][ T6202] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[   79.883778][ T5916] usb 1-1: ucan: probing device on interface #0
[   80.247688][ T6212] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[   80.295061][ T5916] usb 1-1: ucan: failed to retrieve device info
[   80.304106][ T5916] usb 1-1: ucan: probe failed; try to update the device firmware
[   80.324722][ T5916] usb 1-1: USB disconnect, device number 3
[   80.474938][ T6224] netlink: 8 bytes leftover after parsing attributes in process `syz.2.110'.
[   80.872948][ T6238] fuse: Bad value for 'fd'
[   80.884164][ T6238] loop1: detected capacity change from 0 to 16
[   80.902245][ T6238] erofs (device loop1): mounted with root inode @ nid 36.
[   80.921684][ T6238] erofs (device loop1): readahead error at folio 87 @ nid 36
[   80.924701][ T6238] erofs (device loop1): readahead error at folio 86 @ nid 36
[   80.928316][ T6238] erofs (device loop1): bogus lookback distance 363 @ lcn 82 of nid 36
[   80.931386][ T6238] erofs (device loop1): readahead error at folio 83 @ nid 36
[   80.934259][ T6238] erofs (device loop1): bogus lookback distance 363 @ lcn 82 of nid 36
[   80.937367][ T6238] erofs (device loop1): readahead error at folio 82 @ nid 36
[   80.940317][ T6238] erofs (device loop1): readahead error at folio 79 @ nid 36
[   80.943022][ T6238] erofs (device loop1): readahead error at folio 78 @ nid 36
[   80.945905][ T6238] erofs (device loop1): bogus lookback distance 1485 @ lcn 75 of nid 36
[   80.948838][ T6238] erofs (device loop1): readahead error at folio 76 @ nid 36
[   80.951509][ T6238] erofs (device loop1): bogus lookback distance 1485 @ lcn 75 of nid 36
[   80.954629][ T6238] erofs (device loop1): readahead error at folio 75 @ nid 36
[   80.957425][ T6238] erofs (device loop1): readahead error at folio 74 @ nid 36
[   80.959968][ T6238] erofs (device loop1): readahead error at folio 72 @ nid 36
[   80.962443][ T6238] erofs (device loop1): readahead error at folio 71 @ nid 36
[   80.965038][ T6238] erofs (device loop1): readahead error at folio 70 @ nid 36
[   80.968659][ T6238] erofs (device loop1): readahead error at folio 63 @ nid 36
[   80.971364][ T6238] erofs (device loop1): readahead error at folio 61 @ nid 36
[   80.974200][ T6238] erofs (device loop1): bogus lookback distance 1024 @ lcn 58 of nid 36
[   80.977053][ T6238] erofs (device loop1): readahead error at folio 59 @ nid 36
[   80.979617][ T6238] erofs (device loop1): bogus lookback distance 1024 @ lcn 58 of nid 36
[   80.983160][ T6238] erofs (device loop1): readahead error at folio 58 @ nid 36
[   80.985997][ T6238] erofs (device loop1): readahead error at folio 56 @ nid 36
[   80.989092][ T6238] erofs (device loop1): bogus lookback distance 1586 @ lcn 46 of nid 36
[   80.991932][ T6238] erofs (device loop1): readahead error at folio 47 @ nid 36
[   80.995047][ T6238] erofs (device loop1): bogus lookback distance 1586 @ lcn 46 of nid 36
[   80.998412][ T6238] erofs (device loop1): readahead error at folio 46 @ nid 36
[   81.000873][ T6238] erofs (device loop1): readahead error at folio 45 @ nid 36
[   81.003752][ T6238] erofs (device loop1): bogus lookback distance 1388 @ lcn 42 of nid 36
[   81.007014][ T6238] erofs (device loop1): readahead error at folio 43 @ nid 36
[   81.009487][ T6238] erofs (device loop1): bogus lookback distance 1388 @ lcn 42 of nid 36
[   81.012989][ T6238] erofs (device loop1): readahead error at folio 42 @ nid 36
[   81.015826][ T6238] erofs (device loop1): bogus lookback distance 774 @ lcn 40 of nid 36
[   81.018857][ T6238] erofs (device loop1): readahead error at folio 41 @ nid 36
[   81.021300][ T6238] erofs (device loop1): bogus lookback distance 774 @ lcn 40 of nid 36
[   81.024106][ T6238] erofs (device loop1): readahead error at folio 40 @ nid 36
[   81.026562][ T6238] erofs (device loop1): readahead error at folio 39 @ nid 36
[   81.029149][ T6238] erofs (device loop1): readahead error at folio 38 @ nid 36
[   81.033004][ T6238] erofs (device loop1): readahead error at folio 36 @ nid 36
[   81.036946][ T6238] erofs (device loop1): bogus lookback distance 1468 @ lcn 31 of nid 36
[   81.040400][ T6238] erofs (device loop1): readahead error at folio 31 @ nid 36
[   81.043667][ T6238] erofs (device loop1): readahead error at folio 25 @ nid 36
[   81.046235][ T6238] erofs (device loop1): readahead error at folio 24 @ nid 36
[   81.049267][ T6238] erofs (device loop1): readahead error at folio 19 @ nid 36
[   81.053666][ T6238] syz.1.115: attempt to access beyond end of device
[   81.053666][ T6238] loop1: rw=524288, sector=784, nr_sectors = 64 limit=16
[   81.059070][ T6238] syz.1.115: attempt to access beyond end of device
[   81.059070][ T6238] loop1: rw=524288, sector=13478624080, nr_sectors = 24 limit=16
[   81.064211][ T6238] syz.1.115: attempt to access beyond end of device
[   81.064211][ T6238] loop1: rw=524288, sector=13478624032, nr_sectors = 48 limit=16
[   81.069206][ T6238] syz.1.115: attempt to access beyond end of device
[   81.069206][ T6238] loop1: rw=524288, sector=32, nr_sectors = 64 limit=16
[   81.073922][ T6238] syz.1.115: attempt to access beyond end of device
[   81.073922][ T6238] loop1: rw=524288, sector=8, nr_sectors = 24 limit=16
[   81.078101][ T6238] syz.1.115: attempt to access beyond end of device
[   81.078101][ T6238] loop1: rw=524288, sector=14425508768, nr_sectors = 8 limit=16
[   81.381114][ T6258] netlink: 240 bytes leftover after parsing attributes in process `syz.2.128'.
[   81.393517][ T6258] NCSI netlink: No device for ifindex 1024
[   81.580033][ T6270] loop0: detected capacity change from 0 to 1024
[   81.609299][ T6270] syz.0.133: attempt to access beyond end of device
[   81.609299][ T6270] loop0: rw=0, sector=5778, nr_sectors = 2 limit=1024
[   81.615955][ T6270] syz.0.133: attempt to access beyond end of device
[   81.615955][ T6270] loop0: rw=0, sector=5778, nr_sectors = 2 limit=1024
[   81.622493][ T6270] Buffer I/O error on dev loop0, logical block 2889, async page read
[   81.629587][ T6270] syz.0.133: attempt to access beyond end of device
[   81.629587][ T6270] loop0: rw=0, sector=5778, nr_sectors = 2 limit=1024
[   81.635431][ T6269] syz.0.133: attempt to access beyond end of device
[   81.635431][ T6269] loop0: rw=0, sector=5778, nr_sectors = 2 limit=1024
[   81.655751][   T33] audit: type=1800 audit(1755604519.945:2): pid=6270 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.133" name="file1" dev="loop0" ino=20 res=0 errno=0
[   83.222322][ T6333] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   83.228287][ T6334] loop2: detected capacity change from 0 to 512
[   83.242515][ T6334] EXT4-fs: Ignoring removed bh option
[   83.277075][ T6334] EXT4-fs error (device loop2): ext4_xattr_inode_iget:433: comm syz.2.160: Parent and EA inode have the same ino 15
[   83.291091][ T6334] EXT4-fs (loop2): 1 orphan inode deleted
[   83.298202][ T6334] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   83.376371][ T5850] EXT4-fs error (device loop2): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=1024 fake=0
[   83.454433][ T6344] loop1: detected capacity change from 0 to 8
[   83.469155][ T6344] squashfs image failed sanity check
[   83.634048][ T5850] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   83.638023][ T6350] loop1: detected capacity change from 0 to 2048
[   83.692838][   T12] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.780239][   T12] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.835739][   T12] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   83.903147][   T12] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   84.107862][   T12] bridge_slave_1: left allmulticast mode
[   84.111433][   T12] bridge_slave_1: left promiscuous mode
[   84.204578][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.226812][   T12] bridge_slave_0: left allmulticast mode
[   84.229081][   T12] bridge_slave_0: left promiscuous mode
[   84.231690][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.265386][ T6361] loop0: detected capacity change from 0 to 1024
[   84.292449][ T6361] hfsplus: bad catalog entry type
[   84.380521][  T672] hfsplus: b-tree write err: -5, ino 4
[   84.407569][ T5853] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   84.411292][ T5853] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   84.420471][ T5853] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   84.433611][ T5853] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   84.437185][ T5853] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   84.701610][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[   84.707160][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[   84.711098][   T12] bond0 (unregistering): Released all slaves
[   84.733791][ T6369] veth2: entered promiscuous mode
[   84.735424][ T6369] veth2: entered allmulticast mode
[   85.103409][   T12] hsr_slave_0: left promiscuous mode
[   85.106355][   T12] hsr_slave_1: left promiscuous mode
[   85.109185][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   85.112792][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[   85.116932][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   85.120026][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[   85.149095][   T12] veth1_macvtap: left promiscuous mode
[   85.151638][   T12] veth0_macvtap: left promiscuous mode
[   85.154578][   T12] veth1_vlan: left promiscuous mode
[   85.156810][   T12] veth0_vlan: left promiscuous mode
[   85.649499][   T12] team0 (unregistering): Port device team_slave_1 removed
[   85.701126][   T12] team0 (unregistering): Port device team_slave_0 removed
[   85.710525][ T6394] netlink: 'syz.1.183': attribute type 5 has an invalid length.
[   85.781353][ T6396] netlink: 'syz.1.184': attribute type 3 has an invalid length.
[   85.789530][ T6396] netlink: 236 bytes leftover after parsing attributes in process `syz.1.184'.
[   86.222651][ T6405] loop0: detected capacity change from 0 to 512
[   86.259149][ T6405] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.281937][ T6405] ext4 filesystem being mounted at /64/file2 supports timestamps until 2038-01-19 (0x7fffffff)
[   86.286220][ T6365] chnl_net:caif_netlink_parms(): no params data found
[   86.335818][ T6405] EXT4-fs error (device loop0): ext4_xattr_block_get:593: inode #15: comm syz.0.188: corrupted xattr block 33: overlapping e_value 
[   86.362151][   T33] audit: type=1800 audit(1755604524.675:3): pid=6405 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.188" name="file1" dev="loop0" ino=15 res=0 errno=0
[   86.410992][   T10] cfg80211: failed to load regulatory.db
[   86.474665][ T5853] Bluetooth: hci0: command tx timeout
[   86.487275][ T5854] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.573427][ T6365] bridge0: port 1(bridge_slave_0) entered blocking state
[   86.576370][ T6365] bridge0: port 1(bridge_slave_0) entered disabled state
[   86.579279][ T6365] bridge_slave_0: entered allmulticast mode
[   86.587363][ T6365] bridge_slave_0: entered promiscuous mode
[   86.609200][   T12] ------------[ cut here ]------------
[   86.611651][   T12] WARNING: CPU: 0 PID: 12 at net/ipv6/xfrm6_tunnel.c:341 xfrm6_tunnel_net_exit+0x81/0x100
[   86.615848][   T12] Modules linked in:
[   86.617691][   T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.622617][   T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   86.626531][   T12] Workqueue: netns cleanup_net
[   86.628473][   T12] RIP: 0010:xfrm6_tunnel_net_exit+0x81/0x100
[   86.630885][   T12] Code: a5 90 df f7 4b 83 3c 2c 00 75 19 e8 49 27 7c f7 49 81 fd f8 07 00 00 74 1d e8 3b 27 7c f7 49 83 c5 08 eb c9 e8 30 27 7c f7 90 <0f> 0b 90 49 81 fd f8 07 00 00 75 e3 48 81 c3 00 08 00 00 45 31 f6
[   86.637641][   T12] RSP: 0018:ffffc900000f78b0 EFLAGS: 00010293
[   86.639700][   T12] RAX: ffffffff8a438500 RBX: ffff88810fea0000 RCX: ffff88801c2e5640
[   86.642889][   T12] RDX: 0000000000000000 RSI: ffffffff8d9b6935 RDI: ffff88810fea0000
[   86.645943][   T12] RBP: ffffc900000f79b0 R08: ffffffff8fa37e37 R09: 1ffffffff1f46fc6
[   86.649002][   T12] R10: dffffc0000000000 R11: fffffbfff1f46fc7 R12: ffff88810fea0000
[   86.652229][   T12] R13: 0000000000000000 R14: ffff888113bf0000 R15: dffffc0000000000
[   86.655320][   T12] FS:  0000000000000000(0000) GS:ffff8880b861c000(0000) knlGS:0000000000000000
[   86.658808][   T12] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.661399][   T12] CR2: 00007fca19bf5fc8 CR3: 000000010f870000 CR4: 00000000000006f0
[   86.664611][   T12] Call Trace:
[   86.665977][   T12]  <TASK>
[   86.667172][   T12]  ops_undo_list+0x49a/0x990
[   86.668992][   T12]  ? __pfx_ops_undo_list+0x10/0x10
[   86.671014][   T12]  ? do_raw_spin_unlock+0x4d/0x240
[   86.673233][   T12]  cleanup_net+0x4c5/0x800
[   86.675027][   T12]  ? __pfx_cleanup_net+0x10/0x10
[   86.676957][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.679026][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[   86.681166][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[   86.683490][   T12]  process_scheduled_works+0xae1/0x17b0
[   86.685678][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[   86.688045][   T12]  worker_thread+0x8a0/0xda0
[   86.689866][   T12]  kthread+0x711/0x8a0
[   86.691508][   T12]  ? __pfx_worker_thread+0x10/0x10
[   86.693588][   T12]  ? __pfx_kthread+0x10/0x10
[   86.695422][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.697471][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.699498][   T12]  ? __pfx_kthread+0x10/0x10
[   86.701344][   T12]  ret_from_fork+0x3fc/0x770
[   86.703680][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[   86.705734][   T12]  ? __switch_to_asm+0x39/0x70
[   86.707623][   T12]  ? __switch_to_asm+0x33/0x70
[   86.709458][   T12]  ? __pfx_kthread+0x10/0x10
[   86.711315][   T12]  ret_from_fork_asm+0x1a/0x30
[   86.713605][   T12]  </TASK>
[   86.714873][   T12] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   86.717695][   T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.721314][   T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   86.725293][   T12] Workqueue: netns cleanup_net
[   86.727139][   T12] Call Trace:
[   86.728459][   T12]  <TASK>
[   86.729624][   T12]  dump_stack_lvl+0x99/0x250
[   86.731435][   T12]  ? __asan_memcpy+0x40/0x70
[   86.733324][   T12]  ? __pfx_dump_stack_lvl+0x10/0x10
[   86.735557][   T12]  ? __pfx__printk+0x10/0x10
[   86.737336][   T12]  vpanic+0x281/0x750
[   86.738918][   T12]  ? __pfx__printk+0x10/0x10
[   86.740745][   T12]  ? __pfx_vpanic+0x10/0x10
[   86.742532][   T12]  ? is_bpf_text_address+0x292/0x2b0
[   86.744603][   T12]  panic+0xb9/0xc0
[   86.746100][   T12]  ? __pfx_panic+0x10/0x10
[   86.747878][   T12]  __warn+0x31b/0x4b0
[   86.749456][   T12]  ? xfrm6_tunnel_net_exit+0x81/0x100
[   86.751554][   T12]  ? xfrm6_tunnel_net_exit+0x81/0x100
[   86.753664][   T12]  report_bug+0x2be/0x4f0
[   86.755369][   T12]  ? xfrm6_tunnel_net_exit+0x81/0x100
[   86.757474][   T12]  ? xfrm6_tunnel_net_exit+0x81/0x100
[   86.759594][   T12]  ? xfrm6_tunnel_net_exit+0x83/0x100
[   86.761656][   T12]  handle_bug+0x84/0x160
[   86.763343][   T12]  exc_invalid_op+0x1a/0x50
[   86.765113][   T12]  asm_exc_invalid_op+0x1a/0x20
[   86.767063][   T12] RIP: 0010:xfrm6_tunnel_net_exit+0x81/0x100
[   86.769393][   T12] Code: a5 90 df f7 4b 83 3c 2c 00 75 19 e8 49 27 7c f7 49 81 fd f8 07 00 00 74 1d e8 3b 27 7c f7 49 83 c5 08 eb c9 e8 30 27 7c f7 90 <0f> 0b 90 49 81 fd f8 07 00 00 75 e3 48 81 c3 00 08 00 00 45 31 f6
[   86.776642][   T12] RSP: 0018:ffffc900000f78b0 EFLAGS: 00010293
[   86.778682][   T12] RAX: ffffffff8a438500 RBX: ffff88810fea0000 RCX: ffff88801c2e5640
[   86.781715][   T12] RDX: 0000000000000000 RSI: ffffffff8d9b6935 RDI: ffff88810fea0000
[   86.784749][   T12] RBP: ffffc900000f79b0 R08: ffffffff8fa37e37 R09: 1ffffffff1f46fc6
[   86.787714][   T12] R10: dffffc0000000000 R11: fffffbfff1f46fc7 R12: ffff88810fea0000
[   86.790856][   T12] R13: 0000000000000000 R14: ffff888113bf0000 R15: dffffc0000000000
[   86.793881][   T12]  ? xfrm6_tunnel_net_exit+0x80/0x100
[   86.795917][   T12]  ops_undo_list+0x49a/0x990
[   86.797714][   T12]  ? __pfx_ops_undo_list+0x10/0x10
[   86.799733][   T12]  ? do_raw_spin_unlock+0x4d/0x240
[   86.801775][   T12]  cleanup_net+0x4c5/0x800
[   86.803536][   T12]  ? __pfx_cleanup_net+0x10/0x10
[   86.805484][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.807510][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[   86.809698][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[   86.811939][   T12]  process_scheduled_works+0xae1/0x17b0
[   86.814118][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[   86.816432][   T12]  worker_thread+0x8a0/0xda0
[   86.818268][   T12]  kthread+0x711/0x8a0
[   86.819911][   T12]  ? __pfx_worker_thread+0x10/0x10
[   86.821863][   T12]  ? __pfx_kthread+0x10/0x10
[   86.823651][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.825698][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[   86.827717][   T12]  ? __pfx_kthread+0x10/0x10
[   86.829512][   T12]  ret_from_fork+0x3fc/0x770
[   86.831359][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[   86.833316][   T12]  ? __switch_to_asm+0x39/0x70
[   86.835161][   T12]  ? __switch_to_asm+0x33/0x70
[   86.837068][   T12]  ? __pfx_kthread+0x10/0x10
[   86.838888][   T12]  ret_from_fork_asm+0x1a/0x30
[   86.840752][   T12]  </TASK>
[   86.842708][   T12] Kernel Offset: disabled
[   86.844386][   T12] Rebooting in 86400 seconds..

VM DIAGNOSIS:
11:55:25  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000044 RBX=0000000000000044 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900000f7050
R8 =ffff88801f270237 R9 =1ffff11003e4e046 R10=dffffc0000000000 R11=ffffffff854eff70
R12=dffffc0000000000 R13=ffffffff99af98e1 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854effec RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fca19bf5fc8 CR3=000000010f870000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007fca18f87498 00007fca18f87470 XMM03=00007fca18f874a8 00007fca18f874a0
XMM04=00007fca19aed100 00007fca18f87460 XMM05=00007fca18f87478 00007fca18f874c0
XMM06=00007fca18f874b8 00007fca18f874b0 XMM07=00007fca18f874a8 00007fca18f874a0
XMM08=0000000000000000 00007fca18e12ee7 XMM09=0000000000000000 00007fca18e12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=00000000000001b4 RBX=0000000000000000 RCX=00000000ffffffff RDX=0000000000000003
RSI=0000000000000000 RDI=ffff88810b963980 RBP=0000000000000000 RSP=ffffc900043cf220
R8 =0000000000000000 R9 =ffffffff81cea276 R10=ffffc900043cf438 R11=ffffffff81ac3910
R12=ffffffffffffff05 R13=0000000000000001 R14=ffff88810b964498 R15=ffff88810b964490
RIP=ffffffff819d646e RFL=00000007 [-----PC] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fafc88ad380 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fafc8929440 CR3=000000010779a000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000001 XMM01=0000000000000015 000000000003bf12
XMM02=ffffffffffffffff e50821dc03000200 XMM03=f603000000000000 0000000000000001
XMM04=0000000000000000 0000000000000000 XMM05=0000555560d96721 0000555560d965c0
XMM06=0000000000000000 0000000000000000 XMM07=24d00300100024c0 0302100024b00378
XMM08=1000239003000200 21f6030000000000 XMM09=0000000000000000 0000000000000000
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
