last executing test programs:

2.871434311s ago: executing program 1 (id=75):
r0 = syz_open_dev$sndpcmp(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r0, 0xc2604110, &(0x7f0000000280)={0x0, [[0x5, 0x1], [0xffff, 0x2, 0x3, 0xfffffffd], [0xfff, 0x0, 0x3, 0x0, 0x0, 0x0, 0x4, 0x3]], '\x00', [{0x0, 0x1, 0x1}, {}, {0x0, 0x4000005}, {0x0, 0x3}, {}, {0x80000}, {}, {0x4}, {0x2}, {0x5}, {}, {0x0, 0xfffffffd}]})

2.797583357s ago: executing program 1 (id=76):
r0 = syz_usb_connect$uac3(0x3, 0x97, &(0x7f0000000040)=ANY=[@ANYBLOB="12011003000000103d100001400001020301090285000301d8100c080b0102010130020904000000010130000a2401100a00070000000904010000010244000904010101010230000905010920000e00030a2525070000000c9801090402000001023000090402010101023000172401060080000007000200000000000000064a0900100905820920007f04000a2525000400008f0200"], &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x155555555555584b})
syz_usb_control_io$uac3(r0, &(0x7f0000000000)={0x14, 0x0, &(0x7f0000000480)=ANY=[]}, 0x0)
ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000004)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4008000)
open(0x0, 0x1431c2, 0x58)
mount$fuse(0x0, 0x0, 0x0, 0x40, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
llistxattr(0x0, 0x0, 0x0)
openat$urandom(0xffffffffffffff9c, 0x0, 0x103902, 0x0)

2.797472263s ago: executing program 0 (id=77):
inotify_init1(0x81000)

2.732180242s ago: executing program 0 (id=80):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)

2.732029371s ago: executing program 0 (id=81):
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000014935d1071042c03e9ba0102cc3c0902120001000000000904"], 0x0)

2.682731136s ago: executing program 2 (id=82):
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0)
lseek(r0, 0xffffffffffff0000, 0x2)

2.622490641s ago: executing program 2 (id=83):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TCXONC(r0, 0x540a, 0x0)
ioctl$TIOCSTI(r0, 0x5412, &(0x7f00000002c0)=0x5)
ioctl$TIOCL_PASTESEL(r0, 0x541c, &(0x7f0000000000))

2.621128787s ago: executing program 2 (id=84):
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000440)='loginuid\x00')
pwritev(r0, &(0x7f0000000500)=[{&(0x7f0000000000)='0', 0x1}, {&(0x7f00000002c0)='2', 0x1}], 0x2, 0x0, 0x0)

2.532639994s ago: executing program 2 (id=85):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000002000)={0x84, &(0x7f0000001b40)={0x0, 0x9, 0x1, '$'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.488878824s ago: executing program 0 (id=86):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_FLOW_DEFAULT_RATE={0x8, 0x10, 0x3}]}}]}, 0x38}}, 0x0)

1.48863534s ago: executing program 0 (id=87):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x1f, 0x10, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000002000000000000000400000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000000002b00850000008600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000040000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002000000850000006d00000095"], &(0x7f0000000600)='GPL\x00', 0x3, 0x0, 0x0, 0x41000, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)

1.419506659s ago: executing program 0 (id=88):
r0 = creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
close(r0)
r2 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x1a1)
fcntl$setlease(r2, 0x400, 0x1)
r3 = memfd_create(&(0x7f0000000180)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xecz\xabq\x95t*T9\xa9\b X \x04\"\x17\xbf\xcb\xccF\xda\xcf\xdd^\xa0\x15\xc0\xcb^h>\x1b\xb5d\xc7\x7f0\x9a&\xb0\x12#\x9c`\xa6\xed\x05\x95g\a\xccYb\xaf\xe9\xb6G?\x9f\xf5\xfe\xc1\xc0JJ\xc8\xd9d\x80\x13\x8fX\xb4\x19\xc4\\\xcb\x89-)\x90\x01\v\xac^\xdbBQ|\xaej;\x92\\\xf8u\x19Y\xee\x99EI\xf1t\xadn<\x9b\xc9\x87\xd0\xa7\x1a\x81\xb9\xc87sq\xd7\x15\xd6\x91O\x9c\x99!9>\xff\xa8\xfa\xe6=d\xcf\xca\xa9\xc61!\xc6P\x13\xd0\x88gZ\xbe\xdfl\xfa\xff\xb0m;d07tx\xbb\xabd\xe5\x16\xc4\xae\xf0', 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0xd931d3864d39dcdb)
r4 = memfd_create(&(0x7f00000002c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9\xd6\x1c\x1b*\x9a!?\x7f\xa5\xad\x9a,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf#2\x99\x1e\xa1`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\f<\x8f\xc1\x99\x89r\xe1?\xbdu\x98\xc3\xf8\xd2Q#\xc6g\xa0\x85\xd6G\x85\x11X\x8d,\x02\xd45\xb8\xca\x97\x9d\xcb\x1e\x80\xd6\xd5>N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec\x8aog\x87BR\x9d\xad\xd4FcB\xda\x95\xc3\xdd\x9d\x8f\x1a\xce\x18\x80\"j\xe1\xba\x1e\x97uX\xccv\xd6\vcz\x92A^\xbc\xceF\xf7\xe5:\xaf\xc5~\xbcJ e\r\x88c\x9d\xb92\xb6i4zq\xb3c\x0f\xb2t\x93\xf2E6b\xfa\xcdJ5\xe3W]`4\xd8D\x05\v\xfc)\xca\xedQ\xd0]Ot\'\xc2tDF\xf9\xa7\xb5(\x83\xa5\x0f\x1d\x1d\x06Dg\x13>\x19\xe85#\aaT\x89=\x104\xd5\x85Q\x96\x91\xea\x172P\xb3:\xadZ\xbc\xbe\x00\xf0\x14\x96\xd9M\xd7\x88QZs\xb2\xe1+$jfQodH\x05/y`~Mx\x02\x00(v\xe6`\x026\xfcgC\xb5\xf0\x13.zb\xc5bj+@\x00\x00\x00\x00\x00\x8e[\xb3\xa3\x87\xb9\xe2_Z\x11\xef\xc2]V\xf3\x03\x94\xb9\xe1\xa68\x8d\\\xe5\xef\xacpM\xf0\xa6\x04\x10\xb7\xc0t\x83\\\xf7\x12k\x9f\x10\xd5Z\x19\xc1\xc1\x80\\o\x97\xce=U\xdd\xaa\x1b\x05\x14\x13\xa6\xbd#\xde\x04\xe6$\xec$3\xf6\x97\xc6\xeaSL\xb7A72M\x88k@\xe5\xa3\n&\x1e\xc84\xa9\xe2\xccM\x906\x95xQ-2p\xd62\'\xec\x0f\x13;I\x95fE_\r\xe7\t!A\x05\xe4\x8f\x9e0\xf8/T\x18\xf7\xa1\x9f\xde1\xd5\x80<\xf5\b\xa9\xec\x85\xaeW\xb3\xd8#)bn \xfb\xf2\x88\xfaR\xff\xdd\x80\x96_\xec5\xf0\x1c\a\x8a\x80\x00@=\r8u+%f:\x1e\x82\xfap\xf6\x89\xea\xba\xe3\xbbM%F\xdb\\\xd1eJJ*\xc67\xca\x03\xa3\xf7(\xbb\xecN\xd4\xe7\xf2:u\x8a\b\xd5\v\xca\xfd\\\xd6\xe3\x05\xb3\x03\xd5\xe0\xd2\xf2{&\x8b\xdf\xa1\xbe}\xb2\xe4y\xbb\xe6\x1f\x10c\xf5WQ\x82\x04\x01C\x83,\x90\x1a\xfa\x8e\x17\x89\xe2\xedX\x8d\rmq\t\xb5$\xb4\x9b\x92z\xd6/-\x13,\xb5%\x8eM/\x04\xa7\x7f\x1b\x85\xf1\xa4X\x17\xbb\x1cR14\xfb!\b\x10\xe8\xb2\xd41gK\xe4\xea\xe39d\bL\xe5\x1b\xbd[\x9bWD:\r&\xe9\vn^\xcc\x86\xe3\xce1>3{\xaa{\xbd0P\x9f\xa68\xf5\x82\xb8\x9aD\x9c{\xe6\xf8\xcbD\xb5aJ\xb0\x92\x89\xbc\x80\x1ch\x89\xe7\xdd]q\x0e,>/\xaf|\xf0\x01V\x7f\xc9?\xba\x16\xe4$+\x02\x00\x00\x00\x00\x00\x00\x00\xa5\x94d9\xaf\xcfq\x8b=\x026\xef\r\x91\x18\xc5\xb6\xb9fM\x8ayZ\xbcd\xa5\x8a\x88\x98\xc3\xfc`\xa6\xba\x1f\x17\v$\x88g\xb4\xad\b\xc1\xddW\xa6\xc1\xb7\xb0\xa3\x84Q\x13GoU\xe2\xb7\x03\x9c\xd5\x0f\xa8\x0ef\"\x15\x82\xe7\xbd\xf8\xca\x10f\xfe6h\xe9\xc3\xc2\xa0O:\xac~\x1a\xf7\xbeF\xbe\xe5\xf0\x81\xd6&\xc0<Q8\xbeX\xde\xd6 \xef\x0e\xc2.\x9c=1\x15d\xddIv\x0fh\xe6M(D\xad\xeb\xcfX8\xb9\x8d\xbe(\xd3\x16?x\xbd@\x0f\xf5\xdb\xeb\xd7i*\xea\x86JX\xff;\x96\xbb\xa7\xa8u5R\xa2,\xba\xbc\x01\x12\xb3q,\x9d\xf8\xbdb`\xb3\xc6\x0f\xb3\xac\xc7\xa4O@\x81\xfc\x1a4$\x885\x97\xa9|\x99\x86*.\xda\x96RQ\xe5\xb1\xef\xb7\x10\x99\xd4\xa7\b\xcd\xe9\xa5\xf6wR\xc1\xdfH).\a\x9a\xab\x9e&+\xc4#\x90\xc9%\xb9\xd7o\x86\x13\a\xc0\x01w9u6\xdd\x9fJ^o\x1d\xda\x11?\xc1\xf5\xf7\xff\xec\x916\xceQ\xcfU\x035\x96\x8f\xc7\x84\"2\xef\x02\xcf\a+\x8a\xd1\x11\xb5\xa8\x92\f\xb3R\",\xfc!_&pD\xeb5\xc6\xc8\xff2\xee\x14\x83\x14l\x04\x80\xaa7\x80\xf1\x18\xf5\xa5\xd23\xe5\b\x00\xe8\x9c\xd4\xd0\a\x93#\xb9Z\xc0y\x97<\xe5i\xe9\xe4\xb02Cu\xe1d\r\x0e\xc1\xf1\x81^\xa7\xffz)\x19U\xe5\xd4\xf5@O#W\x8a\xbb3c+\n\x97\xa6\xf7\x90$\xd6*\xd0\x1b\x10\xe4HM:XO\x1b\rx\xc7\x12|\x7fN\xc9\xf9i\xe4\xe5-\x9b\xe407\x9d\xe8\xc6\x90\x9f_Jf\x05\r\x1b\x9af\v\xbcv\x83\xf3j\xaf\xd0F91 ^x\x85\x80[\xa3B\n#!\xc2R\xdd\xf4)\xba\x1e\xfb6U\xabc\xda\x9a)\xc3\x9a\x06\xc5\xccP)\xdf.\xa7-\x84\xdf8\xbf\xfc1^}B\xee\xccR/z\x1e\xe8\x1e\x99\x99\n\xf4u\xd4\xbd^L\xb2j\xda\xff\x1d\x10\xc8\xad\xbd_OI\xb1\xe8y\x003\a\x06\x92\x8e\n\x8b\xf3\xd4G\x85\xbd\x1a\x81+3\x99jq\xd1\xacK^\xef\xb6!8\xcd?\x1e\\\x16W2\xbd4$zn\xa9\x7f\x9dE\xaf\x0f\xdb\xe0\xfa\x10\xc3\xb2\xf8\x80\x8c\xec$\xda\xc0\x94y1\t\xc5', 0x2)
write$binfmt_misc(r4, &(0x7f0000000180)="d302", 0x2)
execveat(r4, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

1.413764759s ago: executing program 1 (id=89):
mkdirat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180)
capset(&(0x7f0000000500)={0x20071026}, &(0x7f0000000200)={0x200003, 0x200003, 0x801, 0x4, 0x7, 0x8})
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@xino_auto}]})

1.302151583s ago: executing program 1 (id=90):
r0 = socket(0x1, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000080)={'netdevsim0\x00', &(0x7f00000000c0)=@ethtool_pauseparam={0x2b, 0x3}})

1.301782789s ago: executing program 1 (id=91):
socket$inet(0x2, 0x80001, 0x84)
socket$vsock_stream(0x28, 0x1, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
prlimit64(0x0, 0x6, &(0x7f0000000140)={0x0, 0x4}, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x28}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0208000004"], 0x48)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

1.190972546s ago: executing program 1 (id=92):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[@ANYBLOB="1201fb0019030320d812010079de01ec020109021b0001000003000904000001785ecc0009058502", @ANYRESDEC=0x0], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r0)
preadv(r1, &(0x7f00000000c0)=[{&(0x7f0000000100)=""/245, 0xf5}, {0x0}], 0x2, 0x778f, 0x3)

715.234766ms ago: executing program 2 (id=93):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000340)={[{@noload}, {@stripe={'stripe', 0x3d, 0x30c}}, {@jqfmt_vfsv1}, {@noinit_itable}, {@jqfmt_vfsv1}, {@usrjquota}]}, 0xff, 0x46a, &(0x7f0000000980)="$eJzs3MtvG0UYAPDPm1efJEB5tLQQKIiKR9KkzwOXIpA4gITEpYhTSNKqNG2gCRKtIho4lCOqxL3iiMRfwAkuCDghcYU7QqpQLi2VkBbtejc1ju3WjVMX/PtJdma8Y+98Ozve2VlvAuhZo9lTJWJbRPwaEcPV7L8LjFb/XF9Zmv5rZWm6Emn61p+VvNy1laXpsmj5vq3VTJoW+aEG6730TsTU3NzsuSI/vnjm/fGF8xdePHVm6uTsydmzk0ePHjywZ/Dw5KGOxJnFdW3Xx/O7d7729uU3po9ffvfHr7P6biuW18bRKaPVrdvQM51eWZdtr0lX+rtYEdrSFxFZcw3k/X84+mLz6rLhePXTrlYO2FBpmqaNjs+F5RT4H6tEt2sAdEd5oM/Of8vHXRp63BOuHov44Eg1/uvFo7qkP5KizEDd+W0njUbE8eUbV7JHbNA8BABArW+PRcQLjcZ/STxcU+6+4hrKSETcHxEPRMSDEbEjIh6KyMs+EhGPtrn++iska8c/G3sxIRv/vVRc21od//2d5vEXRvqK3PY8/oHKiVNzs/uLbbIvBoay/ESLdXz3yi+fN1tWO/47vnxja6wsTZdjwarkj/66CbqZqcWpdYa96uonEbv66+LPVVa3fCUidkbErrY++eYZxqnnvtrdrFRd/Feur4m/hQ7sGumXEc9W23856uIvVZpen5w4cnjy0PimmJvdP17uFWv99POlN5utf13xd0DW/lvq9//cavwjlU0RC+cvnM6v1y60v45Lv33W9Jzm1vE33v8Hi+oNFq99NLW4eG4iYrDy+trXJ2++t8yX5bP49+1tFH+Sf8eVW+KxiMh24j0R8XhEPFHU/cmIeCoi9raI/4eXn36v/fhbzMp3UBb/zK3aP2rbv/1E3+nvv2k//lLW/gfz1L7ildv5/rvdCq5n2wEAAMB/RZL/Br6SjK2mk2RsrPob/h2xJZmbX1h8/sT8h2dnqr+VH4mBpJzpGq6ZD50o5obL/GRd/kAxb/xF3+Y8PzY9Pzdzc44V6IKtTfp/5ve+7Plil2sIbCj3a0Hv0v+hd7Xo/5vuZj2Au8/xH3qX/g+9q1H/N+0PvcHxH3qX/g+9S/+H3qX/Q09qem98sq5b/iVunUjT9GLLJri3E5G0/67+uEcqvyGJzRHRZFE6dOef3H/b/8ziDhNDDRd1+5sJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgM/4JAAD//9fk6nQ=")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x0)

0s ago: executing program 2 (id=94):
syz_emit_ethernet(0x82, &(0x7f0000000000)={@broadcast, @random="1704b45adbde", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x5, 0x0, 0x0, 0xe0, 0x0, 0xe000, {0x16, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty=0xac1414aa, @rand_addr, {[@lsrr={0x83, 0x3}, @rr={0x7, 0x2a}, @timestamp_prespec={0x44, 0x3c, 0x0, 0x3, 0x0, [{@private=0xa010101}, {@private}, {@dev}, {@remote}, {@private}, {@dev}, {@private}]}]}}}}}}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:46082' (ED25519) to the list of known hosts.
syzkaller login: [   56.358515][ T5772] cgroup: Unknown subsys name 'net'
[   56.486011][ T5772] cgroup: Unknown subsys name 'cpuset'
[   56.491216][ T5772] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   58.523417][ T5772] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   63.499624][   T55] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   63.505160][   T55] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   63.508761][   T55] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   63.512414][   T55] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   63.515691][   T55] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   63.534481][ T5198] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   63.538427][ T5198] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   63.543348][ T5815] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   63.553984][ T5815] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   63.560512][ T5813] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   63.563779][ T5813] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   63.568083][ T5813] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   63.571929][ T5820] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   63.592535][ T5820] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   63.596731][ T5820] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   63.852381][ T5809] chnl_net:caif_netlink_parms(): no params data found
[   63.868828][ T5814] chnl_net:caif_netlink_parms(): no params data found
[   63.899524][ T5818] chnl_net:caif_netlink_parms(): no params data found
[   64.022681][ T5809] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.026108][ T5809] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.029165][ T5809] bridge_slave_0: entered allmulticast mode
[   64.033916][ T5809] bridge_slave_0: entered promiscuous mode
[   64.060708][ T5809] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.064023][ T5809] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.066932][ T5809] bridge_slave_1: entered allmulticast mode
[   64.070928][ T5809] bridge_slave_1: entered promiscuous mode
[   64.147560][ T5809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.151308][ T5818] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.154650][ T5818] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.157533][ T5818] bridge_slave_0: entered allmulticast mode
[   64.161338][ T5818] bridge_slave_0: entered promiscuous mode
[   64.165852][ T5814] bridge0: port 1(bridge_slave_0) entered blocking state
[   64.168717][ T5814] bridge0: port 1(bridge_slave_0) entered disabled state
[   64.171458][ T5814] bridge_slave_0: entered allmulticast mode
[   64.175748][ T5814] bridge_slave_0: entered promiscuous mode
[   64.180497][ T5814] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.183903][ T5814] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.186984][ T5814] bridge_slave_1: entered allmulticast mode
[   64.190997][ T5814] bridge_slave_1: entered promiscuous mode
[   64.196967][ T5809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.213098][ T5818] bridge0: port 2(bridge_slave_1) entered blocking state
[   64.216130][ T5818] bridge0: port 2(bridge_slave_1) entered disabled state
[   64.218989][ T5818] bridge_slave_1: entered allmulticast mode
[   64.223321][ T5818] bridge_slave_1: entered promiscuous mode
[   64.275856][ T5809] team0: Port device team_slave_0 added
[   64.280945][ T5809] team0: Port device team_slave_1 added
[   64.296777][ T5818] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.303803][ T5814] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   64.317329][ T5818] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.323798][ T5814] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   64.361953][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.364787][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.375000][ T5809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.404667][ T5809] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.407381][ T5809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.417980][ T5809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.424442][ T5818] team0: Port device team_slave_0 added
[   64.436399][ T5814] team0: Port device team_slave_0 added
[   64.440767][ T5818] team0: Port device team_slave_1 added
[   64.456868][ T5814] team0: Port device team_slave_1 added
[   64.481931][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.484693][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.494952][ T5818] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.533625][ T5818] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.536393][ T5818] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.546704][ T5818] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.552452][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_0
[   64.555111][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.564889][ T5814] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   64.576486][ T5809] hsr_slave_0: entered promiscuous mode
[   64.579637][ T5809] hsr_slave_1: entered promiscuous mode
[   64.588472][ T5814] batman_adv: batadv0: Adding interface: batadv_slave_1
[   64.591197][ T5814] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   64.601369][ T5814] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   64.674652][ T5814] hsr_slave_0: entered promiscuous mode
[   64.677694][ T5814] hsr_slave_1: entered promiscuous mode
[   64.680604][ T5814] debugfs: 'hsr0' already exists in 'hsr'
[   64.683063][ T5814] Cannot create hsr debugfs directory
[   64.688705][ T5818] hsr_slave_0: entered promiscuous mode
[   64.691112][ T5818] hsr_slave_1: entered promiscuous mode
[   64.694013][ T5818] debugfs: 'hsr0' already exists in 'hsr'
[   64.695922][ T5818] Cannot create hsr debugfs directory
[   65.002822][ T5809] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   65.015628][ T5809] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   65.024052][ T5809] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   65.039478][ T5809] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   65.096557][ T5814] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   65.107806][ T5814] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   65.133851][ T5814] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   65.145853][ T5814] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   65.176660][ T5818] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   65.189422][ T5818] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   65.199421][ T5818] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   65.217682][ T5818] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   65.315573][ T5809] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.350188][ T5809] 8021q: adding VLAN 0 to HW filter on device team0
[   65.367891][   T84] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.370790][   T84] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.388328][   T84] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.391164][   T84] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.399889][ T5814] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.424327][ T5818] 8021q: adding VLAN 0 to HW filter on device bond0
[   65.465666][ T5814] 8021q: adding VLAN 0 to HW filter on device team0
[   65.473950][ T5818] 8021q: adding VLAN 0 to HW filter on device team0
[   65.485954][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.488819][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.504631][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[   65.507411][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[   65.512530][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.515331][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.534593][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[   65.537337][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[   65.575464][ T5815] Bluetooth: hci0: command tx timeout
[   65.665143][ T5815] Bluetooth: hci2: command tx timeout
[   65.667629][ T5815] Bluetooth: hci1: command tx timeout
[   65.753962][ T5809] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.773289][ T5818] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.821400][ T5814] 8021q: adding VLAN 0 to HW filter on device batadv0
[   65.843075][ T5818] veth0_vlan: entered promiscuous mode
[   65.848153][ T5809] veth0_vlan: entered promiscuous mode
[   65.856936][ T5818] veth1_vlan: entered promiscuous mode
[   65.867149][ T5809] veth1_vlan: entered promiscuous mode
[   65.904943][ T5814] veth0_vlan: entered promiscuous mode
[   65.914325][ T5814] veth1_vlan: entered promiscuous mode
[   65.927286][ T5809] veth0_macvtap: entered promiscuous mode
[   65.943245][ T5818] veth0_macvtap: entered promiscuous mode
[   65.953439][ T5809] veth1_macvtap: entered promiscuous mode
[   65.957136][ T5818] veth1_macvtap: entered promiscuous mode
[   65.974277][ T5814] veth0_macvtap: entered promiscuous mode
[   65.989656][ T5814] veth1_macvtap: entered promiscuous mode
[   65.994811][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.000320][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.015683][ T5809] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.028190][ T5818] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.034626][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_0
[   66.051114][   T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.055621][   T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.064251][   T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.069608][ T5814] batman_adv: batadv0: Interface activated: batadv_slave_1
[   66.076024][   T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.086071][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.104945][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.118254][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.136863][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.145953][   T12] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   66.157762][   T12] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   66.172375][   T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   66.196525][   T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   66.215703][   T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.218432][   T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.238674][   T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.241331][   T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.259193][   T28] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.261950][   T28] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.279856][   T33] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.286719][   T33] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.307711][ T5818] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   66.319670][ T1192] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.323649][ T1192] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.349248][ T1192] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   66.361620][ T1192] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   66.546192][ T5880] (syz.0.1,5880,1):ocfs2_fill_super:989 ERROR: superblock probe failed!
[   66.549552][ T5880] (syz.0.1,5880,1):ocfs2_fill_super:1177 ERROR: status = -22
[   66.683594][ T5887] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   66.752308][    T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   66.830317][ T5887] loop2: detected capacity change from 0 to 32768
[   66.833982][ T5887] btrfs: Deprecated parameter 'usebackuproot'
[   66.836035][ T5887] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[   66.843508][ T5887] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.6 (5887)
[   66.859764][ T5887] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   66.863600][ T5887] BTRFS info (device loop2): using crc32c checksum algorithm
[   66.866039][ T5887] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[   66.921905][    T9] usb 2-1: Using ep0 maxpacket: 8
[   66.932888][    T9] usb 2-1: unable to get BOS descriptor or descriptor too short
[   66.940039][    T9] usb 2-1: config 3 has an invalid interface number: 197 but max is 0
[   66.958326][    T9] usb 2-1: config 3 has no interface number 0
[   66.959118][ T1192] BTRFS warning (device loop2): checksum verify failed on logical 1052672 mirror 1 wanted 0x37e030f7 found 0x0aac338b level 0
[   66.960819][    T9] usb 2-1: config 3 interface 197 has no altsetting 0
[   66.966350][ T5911] loop0: detected capacity change from 0 to 128
[   66.980895][    T9] usb 2-1: New USB device found, idVendor=19ab, idProduct=1000, bcdDevice= 0.5d
[   66.982267][ T5887] BTRFS error (device loop2): failed to read chunk root
[   66.998286][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   67.005450][ T5887] BTRFS error (device loop2): open_ctree failed: -5
[   67.007784][ T5911] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256
[   67.017581][    T9] usb 2-1: Product: syz
[   67.018880][    T9] usb 2-1: Manufacturer: syz
[   67.020364][    T9] usb 2-1: SerialNumber: syz
[   67.029427][ T5911] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   67.056329][ T5887] pimreg: entered allmulticast mode
[   67.076777][ T5887] pimreg: left allmulticast mode
[   67.305622][    T9] uvcvideo 2-1:3.197: Found UVC 0.00 device syz (19ab:1000)
[   67.308956][    T9] uvcvideo 2-1:3.197: No valid video chain found.
[   67.349154][    T9] usb 2-1: USB disconnect, device number 2
[   67.538655][ T5923] loop0: detected capacity change from 0 to 2048
[   67.555689][ T5923] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[   67.566219][ T5923] exFAT-fs (loop0): invalid boot record signature
[   67.568906][ T5923] exFAT-fs (loop0): failed to read boot sector
[   67.571255][ T5923] exFAT-fs (loop0): failed to recognize exfat type
[   67.653339][ T5925] netlink: zone id is out of range
[   67.655388][ T5925] netlink: get zone limit has 4 unknown bytes
[   67.662559][ T5820] Bluetooth: hci0: command tx timeout
[   67.731945][ T5820] Bluetooth: hci1: command tx timeout
[   67.734409][ T5820] Bluetooth: hci2: command tx timeout
[   67.853302][ T5929] loop2: detected capacity change from 0 to 32768
[   67.857140][ T5929] btrfs: Deprecated parameter 'usebackuproot'
[   67.859406][ T5929] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[   67.864339][ T5929] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.19 (5929)
[   67.872066][ T5929] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   67.874982][ T5929] BTRFS info (device loop2): using crc32c checksum algorithm
[   67.998544][   T61] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[   68.013039][ T5929] BTRFS error (device loop2): failed to load root extent
[   68.015931][ T5929] BTRFS warning (device loop2): try to load backup roots slot 1
[   68.029701][   T61] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[   68.042044][ T5929] BTRFS warning (device loop2): couldn't read tree root
[   68.045782][ T5929] BTRFS warning (device loop2): try to load backup roots slot 2
[   68.048896][   T91] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[   68.058356][ T5929] BTRFS warning (device loop2): couldn't read tree root
[   68.062028][ T5929] BTRFS warning (device loop2): try to load backup roots slot 3
[   68.076993][ T5929] BTRFS info (device loop2): rebuilding free space tree
[   68.108487][ T5929] BTRFS info (device loop2): checking UUID tree
[   68.113709][ T5929] BTRFS info (device loop2): enabling ssd optimizations
[   68.116479][ T5929] BTRFS info (device loop2): turning on async discard
[   68.119145][ T5929] BTRFS info (device loop2): enabling free space tree
[   68.122282][ T5929] BTRFS info (device loop2): force clearing of disk cache
[   68.125053][ T5929] BTRFS info (device loop2): enabling auto defrag
[   68.127527][ T5929] BTRFS info (device loop2): trying to use backup root at mount time
[   68.130593][ T5929] BTRFS info (device loop2): use zstd compression, level 3
[   68.181876][ T5860] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   68.227022][ T5818] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   68.352850][ T5860] usb 2-1: Using ep0 maxpacket: 16
[   68.372761][ T5860] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   68.381668][ T5860] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   68.396913][ T5860] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[   68.399880][ T5860] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   68.417358][ T5860] usb 2-1: config 0 descriptor??
[   68.477128][ T5970] raw_sendmsg: syz.0.31 forgot to set AF_INET. Fix it!
[   68.837874][ T5860] hid-multitouch 0003:1FD2:6007.0001: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.1-1/input0
[   68.961798][ T5846] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[   69.037055][ T5860] usb 2-1: USB disconnect, device number 3
[   69.133368][ T5846] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   69.136906][ T5846] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   69.141267][ T5846] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   69.145037][ T5846] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   69.340819][ T5983] IPVS: starting estimator thread 0...
[   69.361888][ T5846] usb 1-1: usb_control_msg returned -32
[   69.363665][ T5846] usbtmc 1-1:16.0: can't read capabilities
[   69.411073][ T5988] Cannot find add_set index 4 as target
[   69.434965][ T5986] IPVS: using max 48 ests per chain, 115200 per kthread
[   69.741952][ T5815] Bluetooth: hci0: command tx timeout
[   69.811700][ T5815] Bluetooth: hci2: command tx timeout
[   69.813514][ T5815] Bluetooth: hci1: command tx timeout
[   69.930630][ T5810] usb 1-1: USB disconnect, device number 2
[   70.261719][ T5873] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   70.291704][   T10] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   70.411884][ T5873] usb 3-1: Using ep0 maxpacket: 16
[   70.417022][ T5873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   70.421239][ T5873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   70.425402][ T5873] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[   70.429535][ T5873] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[   70.432451][ T5873] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   70.441518][ T5873] usb 3-1: config 0 descriptor??
[   70.443303][   T10] usb 2-1: Using ep0 maxpacket: 16
[   70.474307][   T10] usb 2-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4
[   70.477922][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   70.481074][   T10] usb 2-1: Product: syz
[   70.483390][   T10] usb 2-1: Manufacturer: syz
[   70.485000][   T10] usb 2-1: SerialNumber: syz
[   70.490269][   T10] usb 2-1: config 0 descriptor??
[   70.499432][   T10] gspca_main: spca508-2.14.0 probing 041e:4018
[   70.691420][ T6025] loop0: detected capacity change from 0 to 32768
[   70.715073][   T10] gspca_spca508: reg_read err -32
[   70.719374][ T6025] 
[   70.719374][ T6025]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   70.719374][ T6025] 
[   70.724574][   T10] gspca_spca508: reg_read err -32
[   70.729315][   T10] gspca_spca508: reg_read err -32
[   70.733619][   T10] gspca_spca508: reg_read err -32
[   70.739478][ T6025] 
[   70.739478][ T6025]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   70.739478][ T6025] 
[   70.744456][ T6025] 
[   70.744456][ T6025]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   70.744456][ T6025] 
[   70.749230][ T6025] 
[   70.749230][ T6025]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   70.749230][ T6025] 
[   70.753467][ T6025] 
[   70.753467][ T6025]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   70.753467][ T6025] 
[   70.757336][ T6025] 
[   70.757336][ T6025]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   70.757336][ T6025] 
[   70.764966][  T116] 
[   70.764966][  T116]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   70.764966][  T116] 
[   70.788305][ T5809] 
[   70.788305][ T5809]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   70.788305][ T5809] 
[   70.795884][ T5809] 
[   70.795884][ T5809]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[   70.795884][ T5809] 
[   70.873406][ T5873] shield 0003:0955:7214.0002: item fetching failed at offset 4/5
[   70.879650][ T5873] shield 0003:0955:7214.0002: Parse failed
[   70.884088][ T5873] shield 0003:0955:7214.0002: probe with driver shield failed with error -22
[   70.939595][   T10] gspca_spca508: reg write: error -71
[   70.941296][   T10] spca508 2-1:0.0: probe with driver spca508 failed with error -71
[   70.946298][ T6029] tipc: Enabling of bearer <udp:syz2> rejected, failed to enable media
[   70.947163][   T10] usb 2-1: USB disconnect, device number 4
[   71.068258][ T5846] usb 3-1: USB disconnect, device number 2
[   71.265887][ T5873] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   71.431747][ T5873] usb 1-1: Using ep0 maxpacket: 16
[   71.435739][ T5873] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[   71.439164][ T5873] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22
[   71.447429][ T5873] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   71.450962][ T5873] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[   71.454332][ T5873] usb 1-1: SerialNumber: syz
[   71.509395][ T6033] loop1: detected capacity change from 0 to 128
[   71.535293][ T6033] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   71.540980][ T6033] ext4 filesystem being mounted at /8/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   71.593776][ T5814] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   71.769969][ T6042] loop2: detected capacity change from 0 to 2048
[   71.788241][ T6042] UDF-fs: warning (device loop2): udf_fill_super: No fileset found
[   71.814144][ T5820] Bluetooth: hci0: command tx timeout
[   71.892648][ T5820] Bluetooth: hci1: command tx timeout
[   71.894754][ T5820] Bluetooth: hci2: command tx timeout
[   72.182198][ T6054] process 'syz.2.64' launched './file0' with NULL argv: empty string added
[   72.208060][ T5810] usb 1-1: USB disconnect, device number 3
[   72.260327][ T6056] netlink: 'syz.0.66': attribute type 10 has an invalid length.
[   72.341118][ T6056] 8021q: adding VLAN 0 to HW filter on device team0
[   72.347852][ T6056] bond0: (slave team0): Enslaving as an active interface with an up link
[   72.843121][ T6095] capability: warning: `syz.2.84' uses deprecated v2 capabilities in a way that may be insecure
[   72.881656][ T5873] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   72.981662][    T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   73.041816][ T5873] usb 2-1: Using ep0 maxpacket: 16
[   73.046741][ T5873] usb 2-1: unable to get BOS descriptor or descriptor too short
[   73.050483][ T5873] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7
[   73.058350][ T5873] usb 2-1: string descriptor 0 read error: -22
[   73.060830][ T5873] usb 2-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40
[   73.064808][ T5873] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   73.076305][ T5873] usb 2-1: Audio class v2/v3 interfaces need an interface association
[   73.081130][ T5873] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22
[   73.086957][ T5873] usb 2-1: unknown interface protocol 0x44, assuming v1
[   73.089033][ T5873] usb 2-1: cannot find UAC_HEADER
[   73.090844][ T5873] snd-usb-audio 2-1:1.1: probe with driver snd-usb-audio failed with error -22
[   73.095658][ T5873] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found
[   73.121816][ T5810] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[   73.151599][    T9] usb 1-1: Using ep0 maxpacket: 16
[   73.153999][    T9] usb 1-1: too many configurations: 60, using maximum allowed: 8
[   73.167961][    T9] usb 1-1: New USB device found, idVendor=0471, idProduct=032c, bcdDevice=ba.e9
[   73.170681][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=204
[   73.173258][    T9] usb 1-1: Product: syz
[   73.175094][    T9] usb 1-1: Manufacturer: syz
[   73.177059][    T9] usb 1-1: SerialNumber: syz
[   73.184083][    T9] usb 1-1: config 0 descriptor??
[   73.190107][    T9] pwc: Philips SPC 880NC USB webcam detected.
[   73.271664][ T5810] usb 3-1: Using ep0 maxpacket: 16
[   73.279463][ T5810] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[   73.287395][ T5810] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[   73.299272][ T5810] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[   73.312124][ T5810] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   73.315512][ T5810] usb 3-1: Product: syz
[   73.320594][ T5810] usb 3-1: Manufacturer: syz
[   73.323993][ T5810] usb 3-1: SerialNumber: syz
[   73.334407][ T5810] usb 3-1: config 0 descriptor??
[   73.343932][ T5810] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[   73.348551][ T5810] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class)
[   73.391462][    T9] pwc: Warning: more than 1 configuration available.
[   73.396634][    T9] pwc: Failed to set LED on/off time (-71)
[   73.398719][    T9] pwc: send_video_command error -71
[   73.400523][    T9] pwc: Failed to set video mode VGA@30 fps; return code = -71
[   73.403373][    T9] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71
[   73.407987][    T9] usb 1-1: USB disconnect, device number 4
[   73.501028][   T10] usb 2-1: USB disconnect, device number 5
[   73.950626][ T5810] em28xx 3-1:0.0: chip ID is em2882/3
[   74.066073][ T6106] overlayfs: upper fs does not support file handles, falling back to index=off.
[   74.069865][ T6106] overlayfs: fs on './file0' does not support file handles, falling back to xino=off.
[   74.075335][ T6106] overlayfs: conflicting lowerdir path
[   74.155713][ T5810] em28xx 3-1:0.0: Config register raw data: 0xfffffffb
[   74.160654][ T5810] em28xx 3-1:0.0: AC97 chip type couldn't be determined
[   74.163755][ T5810] em28xx 3-1:0.0: No AC97 audio processor
[   74.170876][ T5810] usb 3-1: USB disconnect, device number 3
[   74.173996][ T5810] em28xx 3-1:0.0: Disconnecting em28xx
[   74.181402][ T5810] em28xx 3-1:0.0: Freeing device
[   74.188861][ T6110] io-wq is not configured for unbound workers
[   74.471659][   T10] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[   74.621629][   T10] usb 2-1: Using ep0 maxpacket: 32
[   74.624651][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 12336, setting to 1024
[   74.628166][   T10] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[   74.633317][   T10] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[   74.636470][   T10] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[   74.639163][   T10] usb 2-1: Product: syz
[   74.640497][   T10] usb 2-1: Manufacturer: syz
[   74.642689][   T10] usb 2-1: SerialNumber: syz
[   74.645838][   T10] usb 2-1: config 0 descriptor??
[   74.651208][ T6112] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[   74.704025][ T6114] loop2: detected capacity change from 0 to 512
[   74.713000][ T6114] EXT4-fs error (device loop2): ext4_iget_extra_inode:5025: inode #15: comm syz.2.93: corrupted in-inode xattr: overlapping e_value 
[   74.719816][ T6114] loop2: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[   74.720769][ T6114] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.93: couldn't read orphan inode 15 (err -117)
[   74.724474][    C1] EXT4-fs (loop2): error count since last fsck: 1
[   74.724535][    C1] EXT4-fs (loop2): initial error at time 1778874113: ext4_iget_extra_inode:5025: inode 15
[   74.724556][    C1] EXT4-fs (loop2): last error at time 1778874113: ext4_iget_extra_inode:5025: inode 15
[   74.741083][ T6114] loop2: lost filesystem error report for type 5 error -117
[   74.743612][ T6114] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   74.759298][ T6114] overlayfs: upper fs needs to support d_type.
[   74.769323][ T6114] EXT4-fs error (device loop2): ext4_lookup:1785: inode #14: comm syz.2.93: invalid fast symlink length 39
[   74.799484][ T5818] EXT4-fs error (device loop2): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39
[   74.807632][ T5818] EXT4-fs error (device loop2): ext4_lookup:1785: inode #14: comm syz-executor: invalid fast symlink length 39
[   74.861464][   T10] usb 2-1: USB disconnect, device number 6
[  179.851563][    C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  179.853808][    C0] rcu: 	1-...!: (0 ticks this GP) idle=516c/1/0x4000000000000000 softirq=14908/14909 fqs=113
[  179.857621][    C0] rcu: 	(detected by 0, t=10502 jiffies, g=9805, q=1007 ncpus=2)
[  179.860002][    C0] Sending NMI from CPU 0 to CPUs 1:
[  179.860074][    C1] NMI backtrace for cpu 1
[  179.860112][    C1] CPU: 1 UID: 0 PID: 6103 Comm: syz.0.88 Not tainted syzkaller #0 PREEMPT(full) 
[  179.860128][    C1] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  179.860137][    C1] RIP: 0010:sched_mm_cid_fork+0x5a4/0x1120
[  179.860159][    C1] Code: 04 24 44 89 30 31 ed 31 db e9 7f 01 00 00 31 ed 31 db e9 7b 01 00 00 49 c7 c4 98 1e 1b 8e 49 c1 ec 03 41 bd 00 00 00 80 eb 0a <89> e8 f7 d8 0f 81 e3 fe ff ff f3 90 48 b8 00 00 00 00 00 fc ff df
[  179.860170][    C1] RSP: 0018:ffffc9000722fc48 EFLAGS: 00000046
[  179.860182][    C1] RAX: 0000000000000002 RBX: ffff888117698b90 RCX: 0000000080000001
[  179.860191][    C1] RDX: dffffc0000000000 RSI: 0000000000000002 RDI: ffff888117698b90
[  179.860200][    C1] RBP: 0000000080000000 R08: 1ffff11022ed3021 R09: 0000000000000000
[  179.860208][    C1] R10: ffff888117698254 R11: fffff52000e45f78 R12: 1ffffffff1c363d3
[  179.860218][    C1] R13: 0000000080000000 R14: 0000000000000002 R15: ffff888117698000
[  179.860226][    C1] FS:  00007f9103e3b6c0(0000) GS:ffff8882a945d000(0000) knlGS:0000000000000000
[  179.860237][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  179.860246][    C1] CR2: 0000001b30011ff8 CR3: 0000000108e42000 CR4: 00000000000006f0
[  179.860281][    C1] Call Trace:
[  179.860290][    C1]  <TASK>
[  179.860302][    C1]  bprm_execve+0xda1/0x1460
[  179.860323][    C1]  ? __pfx_bprm_execve+0x10/0x10
[  179.860338][    C1]  ? alloc_bprm+0x508/0x5c0
[  179.860350][    C1]  ? count+0x1cb/0x230
[  179.860364][    C1]  do_execveat_common+0x50d/0x690
[  179.860381][    C1]  __x64_sys_execveat+0xc7/0xf0
[  179.860396][    C1]  do_syscall_64+0x14d/0xf80
[  179.860410][    C1]  ? trace_irq_disable+0x3b/0x150
[  179.860430][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.860445][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  179.860457][    C1] RIP: 0033:0x7f9102f9ce59
[  179.860471][    C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  179.860481][    C1] RSP: 002b:00007f9103e3b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000142
[  179.860495][    C1] RAX: ffffffffffffffda RBX: 00007f9103215fa0 RCX: 00007f9102f9ce59
[  179.860504][    C1] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004
[  179.860512][    C1] RBP: 00007f9103032d6f R08: 0000000000001000 R09: 0000000000000000
[  179.860520][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  179.860528][    C1] R13: 00007f9103216038 R14: 00007f9103215fa0 R15: 00007ffde08d14a8
[  179.860544][    C1]  </TASK>
[  179.861033][    C0] rcu: rcu_preempt kthread starved for 10276 jiffies! g9805 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0
[  179.940294][    C0] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  179.943266][    C0] rcu: RCU grace-period kthread stack dump:
[  179.945083][    C0] task:rcu_preempt     state:R  running task     stack:28120 pid:16    tgid:16    ppid:2      task_flags:0x208040 flags:0x00080000
[  179.949237][    C0] Call Trace:
[  179.950253][    C0]  <TASK>
[  179.951158][    C0]  __schedule+0x15dd/0x52d0
[  179.952573][    C0]  ? __lock_acquire+0x6b5/0x2cf0
[  179.954137][    C0]  ? __pfx___schedule+0x10/0x10
[  179.955636][    C0]  ? schedule+0x90/0x360
[  179.956954][    C0]  schedule+0x164/0x360
[  179.958463][    C0]  schedule_timeout+0x158/0x2c0
[  179.960386][    C0]  ? __pfx_schedule_timeout+0x10/0x10
[  179.962006][    C0]  ? __pfx_process_timeout+0x10/0x10
[  179.963626][    C0]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[  179.965342][    C0]  ? prepare_to_swait_event+0x340/0x370
[  179.967063][    C0]  rcu_gp_fqs_loop+0x312/0x11d0
[  179.968575][    C0]  ? __pfx_rcu_watching_snap_recheck+0x10/0x10
[  179.970393][    C0]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  179.971908][    C0]  ? _raw_spin_unlock_irq+0x2e/0x50
[  179.973428][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  179.975331][    C0]  rcu_gp_kthread+0x9e/0x2b0
[  179.976684][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  179.978299][    C0]  ? _raw_spin_unlock_irqrestore+0x30/0x80
[  179.980057][    C0]  ? __kthread_parkme+0x7a/0x1f0
[  179.981499][    C0]  ? __kthread_parkme+0x19c/0x1f0
[  179.982989][    C0]  kthread+0x388/0x470
[  179.984211][    C0]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  179.985788][    C0]  ? __pfx_kthread+0x10/0x10
[  179.987143][    C0]  ret_from_fork+0x51e/0xb90
[  179.988568][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  179.990187][    C0]  ? __switch_to+0xc7d/0x1450
[  179.991547][    C0]  ? __pfx_kthread+0x10/0x10
[  179.992915][    C0]  ret_from_fork_asm+0x1a/0x30
[  179.994311][    C0]  </TASK>
[  179.995229][    C0] rcu: Stack dump where RCU GP kthread last ran:
[  179.997131][    C0] CPU: 0 UID: 0 PID: 5809 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  179.999907][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  180.003069][    C0] RIP: 0010:smp_call_function_many_cond+0xce5/0x12c0
[  180.005018][    C0] Code: 45 8b 2c 24 44 89 ee 83 e6 01 31 ff e8 b4 e6 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 5f e2 0b 00 eb 38 f3 90 <42> 0f b6 04 2b 84 c0 75 11 41 f7 04 24 01 00 00 00 74 1e e8 43 e2
[  180.010847][    C0] RSP: 0000:ffffc90006357820 EFLAGS: 00000293
[  180.012590][    C0] RAX: ffffffff81b9bfed RBX: 1ffff110478c813d RCX: ffff8881705f57c0
[  180.014982][    C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[  180.017306][    C0] RBP: ffffc90006357950 R08: ffffffff9011b1b7 R09: 1ffffffff2023636
[  180.019641][    C0] R10: dffffc0000000000 R11: fffffbfff2023637 R12: ffff88823c6409e8
[  180.022190][    C0] R13: dffffc0000000000 R14: ffff88812103c000 R15: 0000000000000001
[  180.024513][    C0] FS:  000055556e333500(0000) GS:ffff88818de5d000(0000) knlGS:0000000000000000
[  180.027100][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  180.029004][    C0] CR2: 000055556e34ea28 CR3: 000000016f0e6000 CR4: 00000000000006f0
[  180.031319][    C0] Call Trace:
[  180.032448][    C0]  <TASK>
[  180.033315][    C0]  ? __pfx_should_flush_tlb+0x10/0x10
[  180.034791][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  180.036256][    C0]  ? __pfx_smp_call_function_many_cond+0x10/0x10
[  180.038034][    C0]  ? rcu_is_watching+0x15/0xb0
[  180.039436][    C0]  ? __pfx_should_flush_tlb+0x10/0x10
[  180.040898][    C0]  ? __pfx_flush_tlb_func+0x10/0x10
[  180.042457][    C0]  on_each_cpu_cond_mask+0x3f/0x80
[  180.044379][    C0]  flush_tlb_mm_range+0x5c3/0x10c0
[  180.045875][    C0]  ? page_table_check_clear+0x4b8/0x5f0
[  180.047508][    C0]  ptep_clear_flush+0x120/0x170
[  180.048924][    C0]  do_wp_page+0x4129/0x5a00
[  180.050320][    C0]  ? do_wp_page+0x3b9f/0x5a00
[  180.051646][    C0]  ? __pfx_do_wp_page+0x10/0x10
[  180.053085][    C0]  ? do_raw_spin_lock+0x12b/0x2f0
[  180.054712][    C0]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  180.056294][    C0]  handle_mm_fault+0x1520/0x3310
[  180.057768][    C0]  ? handle_mm_fault+0xee/0x3310
[  180.059214][    C0]  ? __pfx_handle_mm_fault+0x10/0x10
[  180.060785][    C0]  ? lock_vma_under_rcu+0x45a/0x500
[  180.062323][    C0]  do_user_addr_fault+0xa73/0x1340
[  180.063819][    C0]  ? rcu_is_watching+0x15/0xb0
[  180.065340][    C0]  ? trace_page_fault_user+0x84/0x210
[  180.066937][    C0]  exc_page_fault+0x6a/0xc0
[  180.068277][    C0]  asm_exc_page_fault+0x26/0x30
[  180.069717][    C0] RIP: 0033:0x7f9102f619e0
[  180.071047][    C0] Code: c4 28 00 48 8d 0c 1e 49 39 d0 49 89 48 60 0f 95 c2 48 29 d8 0f b6 d2 48 83 c8 01 48 c1 e2 02 48 09 da 48 83 ca 01 48 89 56 08 <48> 89 41 08 48 8d 4e 10 eb b0 48 8d 0d a7 d9 0c 00 ba 9e 10 00 00
[  180.077204][    C0] RSP: 002b:00007ffde08d16b0 EFLAGS: 00010206
[  180.079016][    C0] RAX: 00000000000185e1 RBX: 0000000000008040 RCX: 000055556e34ea20
[  180.081358][    C0] RDX: 0000000000008041 RSI: 000055556e3469e0 RDI: 0000000000000004
[  180.083768][    C0] RBP: 0000000000000802 R08: 00007f91031ede20 R09: 0000000000000001
[  180.086268][    C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000008030
[  180.088712][    C0] R13: 0000000000000000 R14: 00007f91031ede80 R15: 0000000000000000
[  180.091079][    C0]  </TASK>
