last executing test programs:

39.29429714s ago: executing program 0 (id=128):
set_mempolicy(0x4005, &(0x7f0000000080)=0x7e, 0xd)
r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000740)={&(0x7f0000000040)=ANY=[@ANYBLOB="9feb010018000000000000001800000018000000050000000100000001000013040000000200000088060000ff0f0000002e2e"], 0x0, 0x35, 0x0, 0x1}, 0x28)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001e80)={0x11, 0x3, &(0x7f0000006380)=ANY=[@ANYBLOB="1800000001000000000000000900000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf090000000000005509010000000000950000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7020000000000008500000086000000b7080000000000007b8af8ff00000000b7080000060000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a5000000b7080000000000007b8af8ff00000000b7080000070000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000000000000b70500000800000085000000a5000000850000009e00000018220000", @ANYRES32, @ANYBLOB="00000000f8ffffff1801000020786c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000ff7f000085000000060000009500000000000000873306000800000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000070000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000100000085090000000000000091000000000000b7020000000000008500000085000000b70000d5657e5f451aad010000000000"], &(0x7f0000000080)='GPL\x00', 0x6, 0x1000, &(0x7f0000000cc0)=""/4096, 0x40f00, 0x5, '\x00', 0x0, 0x0, r0, 0x8, 0x0, 0xfffffffffffffe7c, 0x10, &(0x7f00000002c0)={0x0, 0x3, 0x4, 0x80c}, 0x10}, 0x94)

39.293970015s ago: executing program 0 (id=129):
r0 = socket$packet(0x11, 0x2, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'bridge0\x00', <r2=>0x0})
sendto$packet(r1, &(0x7f0000000100)="3f031c000302140006001e00890000004a1b78", 0x13, 0x48005, &(0x7f0000000540)={0xc9, 0x8100, r2, 0x1, 0x1, 0x6, @broadcast}, 0x14)
recvmmsg(r0, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20, 0x0)
readv(r0, &(0x7f00000003c0)=[{&(0x7f0000000200)=""/133, 0x85}], 0x1)

39.214187621s ago: executing program 0 (id=130):
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x340, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc227, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xc, 0xd0, 0x5, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x3, 0x1, 0x1, 0x1, {0x9, 0x21, 0x6d, 0x8, 0x1, {0x22, 0x5bb}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0xe, 0x5, 0x5}}}}}]}}]}}, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x2, [{0x2, &(0x7f0000000140)=@string={0x2}}, {0x2, 0x0}]})

37.995337689s ago: executing program 0 (id=139):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@nodioread_nolock}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=")
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x2081413, 0x0, 0x1, 0x0, &(0x7f0000000080))
mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000001100)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}], [], 0x2c})
chdir(&(0x7f0000000140)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
getdents(r0, &(0x7f0000000040)=""/61, 0x3d)

37.757549481s ago: executing program 0 (id=141):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0xe}}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
socketpair(0x23, 0x2, 0x0, &(0x7f0000000040))

37.433196835s ago: executing program 0 (id=147):
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000240)={0xaa, 0x50})
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000140)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}})

37.239139768s ago: executing program 32 (id=147):
r0 = userfaultfd(0x1)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000240)={0xaa, 0x50})
ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000140)={{&(0x7f0000ffd000/0x1000)=nil, 0x1000}})

6.200167791s ago: executing program 3 (id=396):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="02000000040000000410000009"], 0x48)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x6, 0x4, 0x1, 0x1, r0}, 0x50)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x2dcf, r1, 0x4}, 0x38)

6.139802072s ago: executing program 3 (id=397):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
rt_sigsuspend(0x0, 0x0)

6.068136805s ago: executing program 3 (id=398):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000001080))
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r2 = socket$tipc(0x1e, 0x5, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00a717cf64394a00dc299b573660f498c4d99aac48af10923f703f53e58070c2bf4575228d0e471df7101ac03b8d48a1b0fc276e395f25b63e9a27cd2ab98888989eec154d97b4dbcf"], 0x1, 0xa09, &(0x7f0000001540)="$eJzs3UuMHEfdAPDq2Z31M5/H+WyyOCaxCSThkd14vZiHBXEUX7DiiFukiIvlOMHCMQhHgkQ52D5xI1FkrjzEKZcIEBK5ICsnLpGIJS45BQ4csIwUiQME7EW7WzU7+/eMemZt73h2fj+ptqa6aqaqZ3t6erq7qhIwthpLf+fnp6uULr3z5tG/P/y3LYtLnmiXaC39nexINVNKVU5Phtf7cGI5vv7Raye7xVWaW/pb0umZa+3nbkspnU/70uXUSnsuXXnjvbmnj184dnH/+28dvnpn1h4AAMbLty4fnt/9lz/dv/Pjtx84kja1l5fj81ZOb8/H/UfygX85/m+k1emqI3SaCuUmc2iEchNdynXW0wzlJnvUPxVet9mj3Kaa+ic6lnVbbxhlZTtupaoxsyrdaMzMLP8mT0u/66eqmbOnz7xwbkgNBW67fz6YUtonCMI4hoUdw94DASyL1wtvcj6eWbg17Veb7K/+a082uj8fboP13v7VP1r1/+qCPQ63z0bdmsp6lc/R9pyO1xHi/UuDfv7L68XrEc0+29nrOsKoXF/o1c6JdW7HWvVqf9wuNqqv57i8D98I+Z2fn/g/HZX/MdDdv5z/F4SxDQvD3gEBd61439xCVvLjfX0xf1NN/uaa/C01+Vtr8rfV5MM4++3LP0mvVyu/8+Nv+kHPh5XzbPfk+P8GbE88Hzlo/fG+30Hdav3xfmK4m/3+xLOnvvL8c1eW7/+v2tv/jby978vpVv5sXc4FyvnCeF69fe9/a3U9jR7l7g3tuadL+aXHu1aXq3atvE7q2M/c1I7p1c/b0avc3tXlWqHclhw2h/bG45Ot4Xnl+KPsV8v7NRnWtxnWYyq0o+xXduY4tgPWomyPve7/L9vndGpWL5w+c+rxnC7b6R8nmpsWlx9Y53YDt67f/j/TaXX/n+3t5c1G535hx8ryqnO/0ArL53osP5jT5XvuOxNblpbPnPzemedv98rDmDv3yqvfPXHmzKkfeOCBBx60Hwx7zwTcabMvv/T92XOvvPrY6ZdOvHjqxVNnDx46dHBu7tBXD87PLh3Xz3Ye3QMbycqX/rBbAgAAAAAAAAAAAPTrh8eOXvnzu1/+YLn//0r/v9L/v9z5W/r//zj0/4/95Es/+NIPcGeX/KUyYYDVqVCumcP/h/buCvXsDs/7RI7b8/jl/v+lujiua2nPfWF5HL+3lAvDCdw0XspUGIMkzhf46RxfzPEvEwxRtaX74hzXjW9dtvUyPoVxKUZT+b+VraGMY1L6f/ca16ns/3euQxu5/dajO+Gw1xHo7h/G/xaEsQ0LC2bxAO4Ow57/s5z3LPHZP3xz82Ioxa49uXp/GccvhVtxt88/qf6NNf9ne/67vvd/Yca81trq/ffPrn7QUW3a02/9cf3LONC7Bqv/41x/WZtHUn/1L/wi1B8vCPXpP6H+rX3Wf9P6711b/f/N9Ze37dGH+q1/ucVVY3U74nnjcv0vnjcurof1L2N7Drz+a5yo8UauH8bZqMwzO6hRmf+3l3gfxpdyuuwIy30Ocb6TQdtf7q8o3wO7w+tXNd9v5v8dbV/Lcd3nocz/W7bHVpd0oyPd7PLebtR9DYyqD13/E4SxDQsLC3f2hFaNoVbO0N//Yf9OGHb9w37/68T5f+MxfJz/N+bH+X9jfpz/N+bH+fVifpz/N76fcf7fmH9feN04P/B0Tf4na/L31OTfX5O/tyb/UzX5+2vyH6jJf7Am/96a/Idq8j9Tk//ZmvyHa/Ifrcn/XE3+Rlf6o4zr+sM4i/3zfP5hfJTrP70+/7tq8oHR9dO3Dzz13G++3Vru/z/VPh9SruMdyelm/u38o5yO171TR3ox792c/mvIv9vPd8A4ieNnxO/3R2rygdFV7vPy+YYxVHUfsaffcat6HeczWj6f4y/k+Is5fizHMzmezfGBHM+tU/u4M5769e8Ov16t/N7fEfL7vZ889geK40Qd7LM98fzAoPezx3H8BnWr9a+xOxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQNJb+zs9PVyldeufNo88ePz27uOSJdonW0t/JjlSz/byUHs/xRI5/nh9c/+i1k53xjcV4KqUqzaUqVe3l6Zlr7Zq2pZTOp33pcmqlPZeuvPHe3NPHLxy7uP/9tw5fvYNvAQAAAGx4/wsAAP//2XsNow==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xd}, 0x0)
r3 = socket(0x40000000015, 0x5, 0x0)
setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f00000008c0), 0x4)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f00000002c0)={{0x1, 0x1, 0x18, r3, {0xc84}}, './file0\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000480)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="0200"/12, @ANYRES32, @ANYBLOB="dbaae2ee252de4f55efe950db02f2c3fc30a76209a599a411bc587f4fb12610e36eb231b870fefb67f76204e83ddb6081e7458f7dd78fd576c4c8373bc71baa7f4d92619342ab24ab5ecb97faa81cef87374025a4dfdb223bfa9b5544c830b67bbe703b04ec946e60297450847204810253c28a139829feb98a8c64b50d8f94390cb4a11c59d60c828e02ce67de9b5f325a5cb9af51d15d4843121c80d8b56ee120f55c3b1198678295e8cbbd125fb61ebe7636f49e9bd24f1c90449c2fd5ac8818d0ce0b551cfe8ce36225abf8d94153546fb", @ANYRES64=0x0], 0x20)
close(r3)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000300)={0x43, 0x3, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10)
sendmsg$tipc(r1, &(0x7f0000000740)={&(0x7f0000000440)=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x3, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x4)
madvise(&(0x7f0000cf6000/0x4000)=nil, 0x4000, 0x16)
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000140)={0x60, 0x0, &(0x7f0000001000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x4, &(0x7f00000004c0)=[{0x820000000, 0x0, 0x7}], 0x1, 0x5, 0x10, 0x40, 0x8, 0x6e})

5.051992363s ago: executing program 3 (id=402):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x80)
getdents64(r0, 0x0, 0x0)

4.639811866s ago: executing program 3 (id=404):
syz_mount_image$minix(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x2a0085e, &(0x7f0000000080)=ANY=[], 0x1, 0x229, &(0x7f0000000140)="$eJzs2z1PFEEcx/HfPtxxoIARtTCaEI1oI+dDZWHUjoo3QEXgVOIaUbSAmAiNWphQ2dlYmZhYWBqDnbHyBViY2GmIFJdYWbBmz32Am3vO3a4e30/D7Pxm2NkNc/eH5QRgz7qqcVmylA8OjhUOrI9ZWS8JQEr88Ou26yfsKATQ324OZ70CANnYuia9OCX9LD+ck5OPyoKgAvi6KWlj4olWFeb2gKRXnyU3rh+21qSjbphbBQ1W1xcvpdPRfGvIqD+C+UNxvm9HMhjnZ05G59+vYY1oNBckBzUW5vPx/CNN6x23reoIAID+ZGmyWd5wgK3rC17pXN08V8nP183zlfxCk/xifDwQt2aeTz9471/eDvLJuTvefKNlAqjB7mD/fzmetJ0m+9+ts/+rf08AkL6l5ZVbs57nP5IqjdK9sCdsRH8RSHocY0xXGtEzhxYGR08ojSj4Hjt6HHP6+oR57d27CjtZ2Kik3tyof7ihGtG3qb/3JO6xe3HndzVO/Pj9ePHZ23etDH7T5ins+KduZqNUrhojW+rhdY0bu2DWK7Q23Vr1/TZPWvPlIvnngEK3X4kApK14//ZicWl55eyCI+lGKRe94U9936xU9sXG9T2A/1fypl8rXTN6/N2H0x8//Spfev20gzNfkfTBfCAIAAAAAAAAAAAAAADadkiHs14CAAAAgJSYn/65O9Ltjy5lfY0AAAAAAAAAAAAAAAAAAPSbPwEAAP//dhAJcA==")
rename(&(0x7f0000000000)='./file2\x00', &(0x7f0000000040)='./file1\x00')
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x194)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

4.22742049s ago: executing program 3 (id=406):
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x2, 0x6f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000020000202505a1a440000102030109025d00020100a0060904000001020d000006240600012005240001010d240f01000000000700ef030506241a05002a090581034000000301000002"], 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x10, &(0x7f0000000100)=@ready={0x0, 0x0, 0x8, "f897bfa1", {0x1, 0x9d, 0x8, 0x9, 0x5}})
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0xfffffffffffffd7e, &(0x7f0000000040)=@ready={0x0, 0x0, 0x8, "1ae65a95", {0x1, 0xbf9, 0x6, 0x9c, 0x8}})

4.023227976s ago: executing program 33 (id=406):
r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0)
syz_usb_connect$cdc_ncm(0x2, 0x6f, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000020000202505a1a440000102030109025d00020100a0060904000001020d000006240600012005240001010d240f01000000000700ef030506241a05002a090581034000000301000002"], 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x10, &(0x7f0000000100)=@ready={0x0, 0x0, 0x8, "f897bfa1", {0x1, 0x9d, 0x8, 0x9, 0x5}})
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0xfffffffffffffd7e, &(0x7f0000000040)=@ready={0x0, 0x0, 0x8, "1ae65a95", {0x1, 0xbf9, 0x6, 0x9c, 0x8}})

1.210592171s ago: executing program 1 (id=419):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @mcast1, 0x81}, 0x1c)

1.150643333s ago: executing program 1 (id=420):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000006c0)={r0}, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0x11, &(0x7f00000008c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0xfffffffd}, [@call={0x85, 0x0, 0x0, 0xf}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1316}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x7, '\x00', 0x0, @fallback=0x19, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000003f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x15)

1.01927477s ago: executing program 1 (id=422):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0xa0, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x78, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_EXTHDR_OFFSET={0x8}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x40, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x30, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x2}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0x8, 0x5, 0x0, 0x1, [@NFTA_DATA_VALUE={0x4}]}, @NFTA_BITWISE_MASK={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "8a95"}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x114}}, 0x0)

938.776074ms ago: executing program 1 (id=424):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0xb, &(0x7f0000000a00)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000690000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300001cb4d0d6850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r0}, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc, 0x0, 0xffffffffffffffff, 0xfffffffd}, 0x50)

612.653196ms ago: executing program 1 (id=426):
syz_mount_image$nilfs2(&(0x7f0000000dc0), &(0x7f0000000e00)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0093d84f10fc3e1ec648b776cb7f8081d09ad0cc63a23840b824f920b21981285520a35f491e6934193661e8f46d"], 0x1, 0xd99, &(0x7f0000000e80)="$eJzs3UtvXNUdAPBzx544LxqHmMZN09glpbiP2CRYpbsaKV2gSqgSnwClgYYa+ghdgIKUsOi2kRAfoIh9F31mgRSxSsWmVb8AYtVNipBoG1UCI9vnjMf/zOjOOLbH4/n9pDtn7v2fe88587hz575OAkZWY+1xcXG6SuntW29dvDcz/r/VKTOtHLNrj+N5bCml1GzNl9JkWN7SxHr62SfXLrWnn+e0ShdSlarW9PTs3da8R1JK19Nsup0m03Mfn7z50gfPLL934saJi2/M3dmZ1gMAwGi596N3f/m3x3947fj/f39mKU20ppft86U8fjRv9y9V6+M5af0PqNrSqm28OBDyjeehEfKNdcjXXk4z5BvvUv6BsNxml3wTNeWPtU3r1G4YZhv/46vG/KbxRmN+fv0/+aoPxw5U869cWX7h6oAqCmy7T2fyLj6DwTByw8qxQa+BANbF44b3uR73LDyY1tLGeyv/7tONzvPDNtjtz7/yh6v8d29Y47B99uunqbSrfI+O5vF4HGE8zNfv978sLx6PaPZYz27HEYbl+EK3eo7tcj22qlv94+div/paTsvrcCbE278/8T0dlvcY6Oye/f8Gw8gOK4NeAQF7VjxvbiUr8XheX4xP1MQP1sQP1cQP18SP1MRhlP3h1d+mm9XG//z4n77f/WFlP9tDOf1Sn/WJ+yP7LT+e99uvBy0/nk8Me9rcf09/+uvbf4/n/38ezv8/m39LJ/MKouwvjPvVW+f+hwuDG13yPRyq81CH/GvPpzbnq6Y2lpPa1jP31WN683zHuuU7vTnfZMh3OG+LHAz1jdsnh8N8ZfujrFfL6zUe2tsM7TgQ6lHemeM5PRjac7xbu8KO7AMhXzMPJ0K7pkK7HgnzfTm0q5re3K64/7zU52SYHo+TlHzhbbvvdym+F/G6jEdz+mZO38np+zn9qEO5o6h8Hrud/18+n9OpWb1wZfnyE3m8fE7vjDUnVqef3+V6Aw+u1+t/ptPm63+OtqY3G+3rhWMb06v29cJkmH6hy/Qn83j5Pfvp2KG16fOXfr78k+1uPIy4q6+9/rPnl5cv/8oTTzzxpPVk0GsmYKctvPryLxauvvb6uSsvP//i5Rcvv3L+ie9/78mnnlpcWNuqX2jftgf2l40f/UHXBAAAAAAAAAAAAOhZdajz5JzW3d+2XE9erk+P18czHMr7Vj4N5T4G5frPbvd1KddvHt+FOrL9duNyokG3Eejs3+7/azCM7LCy4i7+wN4w6P7/yn0PS3r03D+Prw4l292nN68v4/0L4UHs9f7nlL+/+v9r9X/V8/ov9Jg1ubVy/3jv0D/aik2nei0/tr/cB3aqv/L/lMsvrXks9Vb+yu9C+fFGpT36cyj/cI/l39f+01sr/y+5/PKyzZ3ttfz1GleNzfWI+43LfQDjfuPir6H95d5+fbd/ix213crlwygbln4m+zUs/X92U5Zb1oN59dw6Tlfuvx37O+i3/uW+3+V34JGw/Krm903/n8Otrv/P8vlb0P8n7DsfOv5nMIzssLKyMtCuT0a135W9YtCv/6C3IQdd/qBf/zqx/8/4fyn2/xnjsf/PGI/9f8Z47F8rxmP/n/H1jP1/xvjJsNzYP+h0TfwrNfFTNfGv1sRP18Tj/7cYn62Jn6mJz9TEH66JP1oTP1sT/0ZN/LGa+OM18bma+H739ZyOavthlMV+I33/YXSU4z/dvv9TNXFgeMV+neP3+5s1cWB4lfM8fL9hBFWd79gR97eX/bhv5vSdnL6f0492rILshm/l9Ns5/U5Ov5vTczmdz+lCTvUNOdx+869TZ25WG+f5HQvxXs8njdcDxPvEnO+xPvH4XL/ns57ssZydKn+Ll4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADI3G2uPi4nSV0tu33rr4n6kf/Hh1ykwrx+za43geW0opNVNKVR4fD8u7PrGefvbJtUud0ipdWHss4+nZu615j6zOn2bT7TSZnvv45M2XPnhm+b0TN05cfGPuzs60HgAAAEbDFwEAAP//ManlwQ==")
r0 = open(&(0x7f0000002240)='.\x00', 0x4800, 0x122)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40106e8c, &(0x7f0000000680)={0x3, 0x7, 0x2000, 0x7, 0x9, 0x10, 0x2401})

544.946695ms ago: executing program 2 (id=428):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0xffffffffffffff5c, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4002001}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @socket={{0xb}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x6c}}, 0x0)

375.444205ms ago: executing program 2 (id=429):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x8001af85, 0x0)

309.75402ms ago: executing program 1 (id=430):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
syz_usbip_server_init(0x4)

258.975038ms ago: executing program 2 (id=431):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000004c0)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1, 0x840, 0x0, {}, {0x77359400}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "ef1d62ee7e923b0ad9cda5b28dd4753620a2f0271768a8284c18a4e2b5e44dc77098b18fd964df81213608ec503db52d42f1a78c97322f4ae4c8dc89cf2b1440"}}, 0x80}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1, 0x140, 0x4, {}, {0x77359400}, {0x3, 0x1, 0x1}, 0x1, @can={{0x4, 0x1}, 0x3, 0x0, 0x0, 0x0, "1fae97c41e81d2d3"}}, 0x48}, 0x1, 0x0, 0x0, 0x44000}, 0x800)
sendmsg$can_bcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x1, 0x401, 0x3, {}, {0x0, 0x2710}, {0x3, 0x1, 0x1, 0x1}, 0x1, @can={{0x4, 0x0, 0x0, 0x1}, 0x7, 0x2, 0x0, 0x0, "d467aef0f23fe738"}}, 0x48}, 0x1, 0x0, 0x0, 0x4001}, 0x4000000)

150.374749ms ago: executing program 2 (id=432):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f00000002c0), 0x202)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000300)={0x0, 0x9e5, 0x0, [0x7ff, 0x7, 0x5, 0x5, 0x9], [0x2, 0x0, 0x3480, 0x10000, 0xd, 0x0, 0xfff, 0x8001, 0x1f9, 0xfffffffffffffffd, 0x2, 0x1, 0x7da, 0x0, 0x2, 0x5, 0x8, 0x8, 0x7ff, 0x9, 0xf5, 0xffffffffffffffc0, 0x100000000, 0x3, 0x8000, 0x0, 0x7, 0x0, 0x8, 0xfffffffffffffff9, 0x5, 0x0, 0x0, 0x0, 0x80, 0x6, 0x0, 0x0, 0x9, 0x401, 0x2896, 0x0, 0xffffffffffffff81, 0x100000000, 0x18, 0x2, 0x2, 0x10001, 0x4, 0x6, 0x0, 0x89, 0x2, 0xfffffffffffffffe, 0x5, 0x1a1, 0xff, 0x7ff, 0x2, 0x2, 0x8, 0xc, 0x200, 0x9, 0x0, 0x2, 0xe, 0x3, 0x9, 0x1, 0xc, 0x1c00000000, 0x4, 0x7, 0x5f, 0x7, 0x1ff, 0x7531, 0x6, 0x3, 0x66, 0x9, 0x8, 0x3, 0x7, 0x2, 0x3, 0x0, 0x100, 0x985, 0x9, 0xffffffff, 0x5, 0xf7, 0x6, 0xf85e, 0x5, 0x7f, 0x6, 0x8, 0x0, 0x3, 0xff, 0xbcba, 0x0, 0x5, 0x6, 0x81, 0x401, 0x5, 0x5, 0x3, 0x5, 0x3, 0x9, 0x2447, 0x200, 0x6, 0x9, 0xb, 0x7f]})
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000780)={0xfffffffe, 0x0, 0x0, 'queue0\x00', 0x48})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f0000000100)={0x80, 0x1, 'client1\x00', 0xffffffff8000000c, "00000000ffffffe3", "71000000009f00000000000000a4c800", 0x800000})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

58.335558ms ago: executing program 2 (id=433):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={0x18, 0x3d, 0x701, 0x10, 0x0, {0x3}, [@nested={0x4, 0x140}]}, 0x18}}, 0x880)

0s ago: executing program 2 (id=434):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x28, r1, 0x5, 0x3, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}]}, 0x28}}, 0x0)

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:1671' (ED25519) to the list of known hosts.
syzkaller login: [   55.628497][ T5775] cgroup: Unknown subsys name 'net'
[   55.692820][ T5775] cgroup: Unknown subsys name 'cpuset'
[   55.697144][ T5775] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   57.494232][ T5775] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   71.162797][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   71.164902][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   86.525538][   T10] cfg80211: failed to load regulatory.db
[   92.144772][ T5874] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   92.850931][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.856626][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.872192][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   92.875044][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   92.907695][ T5932] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   97.116700][ T5945] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   97.120788][ T5945] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   97.124588][ T5945] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   97.130653][ T5945] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   97.134356][ T5945] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   97.188943][   T55] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   97.192749][   T55] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   97.195592][   T55] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   97.198791][   T55] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   97.203207][   T55] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   97.224537][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   97.228317][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   97.232103][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   97.235975][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   97.239575][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   97.666805][ T5947] chnl_net:caif_netlink_parms(): no params data found
[   97.696069][ T5944] chnl_net:caif_netlink_parms(): no params data found
[   97.835016][ T5947] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.838526][ T5947] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.842423][ T5947] bridge_slave_0: entered allmulticast mode
[   97.846222][ T5947] bridge_slave_0: entered promiscuous mode
[   97.872078][ T5947] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.874268][ T5947] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.876594][ T5947] bridge_slave_1: entered allmulticast mode
[   97.879439][ T5947] bridge_slave_1: entered promiscuous mode
[   97.913308][ T5950] chnl_net:caif_netlink_parms(): no params data found
[   97.919859][ T5944] bridge0: port 1(bridge_slave_0) entered blocking state
[   97.923335][ T5944] bridge0: port 1(bridge_slave_0) entered disabled state
[   97.926188][ T5944] bridge_slave_0: entered allmulticast mode
[   97.929884][ T5944] bridge_slave_0: entered promiscuous mode
[   97.948318][ T5947] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   97.961622][ T5944] bridge0: port 2(bridge_slave_1) entered blocking state
[   97.963831][ T5944] bridge0: port 2(bridge_slave_1) entered disabled state
[   97.965952][ T5944] bridge_slave_1: entered allmulticast mode
[   97.968612][ T5944] bridge_slave_1: entered promiscuous mode
[   97.974866][ T5947] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.058615][ T5947] team0: Port device team_slave_0 added
[   98.071598][ T5944] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.076536][ T5947] team0: Port device team_slave_1 added
[   98.090292][ T5944] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.167167][ T5944] team0: Port device team_slave_0 added
[   98.171780][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.174275][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.185126][ T5947] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.189992][ T5950] bridge0: port 1(bridge_slave_0) entered blocking state
[   98.193643][ T5950] bridge0: port 1(bridge_slave_0) entered disabled state
[   98.196489][ T5950] bridge_slave_0: entered allmulticast mode
[   98.200485][ T5950] bridge_slave_0: entered promiscuous mode
[   98.206179][ T5944] team0: Port device team_slave_1 added
[   98.208864][ T5947] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.211941][ T5947] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.220666][ T5947] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.224488][ T5950] bridge0: port 2(bridge_slave_1) entered blocking state
[   98.227247][ T5950] bridge0: port 2(bridge_slave_1) entered disabled state
[   98.230040][ T5950] bridge_slave_1: entered allmulticast mode
[   98.234542][ T5950] bridge_slave_1: entered promiscuous mode
[   98.288700][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.291293][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.300363][ T5944] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.306356][ T5944] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.308953][ T5944] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.318628][ T5944] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.324657][ T5950] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   98.345945][ T5950] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   98.364888][ T5947] hsr_slave_0: entered promiscuous mode
[   98.367944][ T5947] hsr_slave_1: entered promiscuous mode
[   98.426103][ T5950] team0: Port device team_slave_0 added
[   98.433338][ T5944] hsr_slave_0: entered promiscuous mode
[   98.435676][ T5944] hsr_slave_1: entered promiscuous mode
[   98.437811][ T5944] debugfs: 'hsr0' already exists in 'hsr'
[   98.439792][ T5944] Cannot create hsr debugfs directory
[   98.453327][ T5950] team0: Port device team_slave_1 added
[   98.545549][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_0
[   98.548268][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.557434][ T5950] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   98.573192][ T5950] batman_adv: batadv0: Adding interface: batadv_slave_1
[   98.575449][ T5950] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   98.585197][ T5950] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   98.646763][ T5950] hsr_slave_0: entered promiscuous mode
[   98.649103][ T5950] hsr_slave_1: entered promiscuous mode
[   98.651313][ T5950] debugfs: 'hsr0' already exists in 'hsr'
[   98.653122][ T5950] Cannot create hsr debugfs directory
[   98.797078][ T5944] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   98.804048][ T5944] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   98.845597][ T5944] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   98.858985][ T5944] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   98.922322][ T5947] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   98.944897][ T5947] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   98.958932][ T5947] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   98.966764][ T5947] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   99.028629][ T5950] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   99.034021][ T5950] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   99.039832][ T5950] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   99.054293][ T5950] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   99.127676][ T5944] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.172387][ T5944] 8021q: adding VLAN 0 to HW filter on device team0
[   99.189198][ T5191] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.192065][ T5191] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.210080][ T5191] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.212892][ T5191] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.221861][ T5947] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.241864][   T55] Bluetooth: hci1: command tx timeout
[   99.241871][ T5945] Bluetooth: hci0: command tx timeout
[   99.274771][ T5950] 8021q: adding VLAN 0 to HW filter on device bond0
[   99.282445][ T5947] 8021q: adding VLAN 0 to HW filter on device team0
[   99.306817][ T5191] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.309712][ T5191] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.320544][   T55] Bluetooth: hci2: command tx timeout
[   99.329058][ T5950] 8021q: adding VLAN 0 to HW filter on device team0
[   99.341931][ T5191] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.344689][ T5191] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.363730][ T5191] bridge0: port 1(bridge_slave_0) entered blocking state
[   99.366379][ T5191] bridge0: port 1(bridge_slave_0) entered forwarding state
[   99.371835][ T5191] bridge0: port 2(bridge_slave_1) entered blocking state
[   99.374347][ T5191] bridge0: port 2(bridge_slave_1) entered forwarding state
[   99.620456][ T5944] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.667898][ T5947] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.678252][ T5950] 8021q: adding VLAN 0 to HW filter on device batadv0
[   99.721068][ T5944] veth0_vlan: entered promiscuous mode
[   99.756298][ T5944] veth1_vlan: entered promiscuous mode
[   99.761633][ T5947] veth0_vlan: entered promiscuous mode
[   99.779478][ T5950] veth0_vlan: entered promiscuous mode
[   99.785902][ T5947] veth1_vlan: entered promiscuous mode
[   99.809064][ T5950] veth1_vlan: entered promiscuous mode
[   99.818494][ T5947] veth0_macvtap: entered promiscuous mode
[   99.831410][ T5947] veth1_macvtap: entered promiscuous mode
[   99.851948][ T5944] veth0_macvtap: entered promiscuous mode
[   99.863703][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.876087][ T5947] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.881974][ T5944] veth1_macvtap: entered promiscuous mode
[   99.901590][ T5955] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.906387][ T5955] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   99.915033][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_0
[   99.917983][ T5938] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   99.932762][ T5950] veth0_macvtap: entered promiscuous mode
[   99.943015][ T5938] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   99.949022][ T5944] batman_adv: batadv0: Interface activated: batadv_slave_1
[   99.968679][ T5950] veth1_macvtap: entered promiscuous mode
[   99.984558][ T5938] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   99.998413][ T5938] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.003256][ T5938] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.006582][ T5938] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.026948][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_0
[  100.043715][ T5950] batman_adv: batadv0: Interface activated: batadv_slave_1
[  100.079296][   T40] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.085997][   T40] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.097467][ T5742] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  100.115257][ T5742] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  100.121269][ T5742] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  100.139332][ T5742] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  100.165189][   T40] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.169790][   T40] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.230272][   T26] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.237778][   T26] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.291661][   T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.294732][ T6008] netlink: 'syz.2.76': attribute type 8 has an invalid length.
[  100.294833][   T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.346808][ T1090] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.349925][ T1090] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.395334][   T26] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  100.399281][   T26] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  100.761189][  T792] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  100.947707][  T792] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  100.952196][  T792] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  100.960384][  T792] usb 2-1: New USB device found, idVendor=056a, idProduct=030c, bcdDevice= 0.00
[  100.971779][  T792] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.989242][  T792] usb 2-1: config 0 descriptor??
[  101.208721][ T6046] netlink: 'syz.0.93': attribute type 2 has an invalid length.
[  101.321170][   T55] Bluetooth: hci1: command tx timeout
[  101.322354][ T5945] Bluetooth: hci0: command tx timeout
[  101.400475][ T5945] Bluetooth: hci2: command tx timeout
[  101.477693][ T6056] loop2: detected capacity change from 0 to 2048
[  101.507522][ T6056] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  101.625288][  T792] usb 2-1: USB disconnect, device number 2
[  101.763396][ T6064] loop0: detected capacity change from 0 to 1024
[  101.845387][ T6064] hfsplus: bad catalog entry type
[  101.897587][ T1090] hfsplus: b-tree write err: -5, ino 4
[  102.234855][ T6080] process 'syz.1.110' launched './file0' with NULL argv: empty string added
[  102.290505][  T792] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  102.310799][   T33] audit: type=1326 audit(1758564001.773:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6083 comm="syz.2.111" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22178ec29 code=0x7ffc0000
[  102.322615][ T6085] loop1: detected capacity change from 0 to 64
[  102.325845][ T6085] =======================================================
[  102.325845][ T6085] WARNING: The mand mount option has been deprecated and
[  102.325845][ T6085]          and is ignored by this kernel. Remove the mand
[  102.325845][ T6085]          option from the mount to silence this warning.
[  102.325845][ T6085] =======================================================
[  102.341717][   T33] audit: type=1326 audit(1758564001.783:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6083 comm="syz.2.111" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22178ec29 code=0x7ffc0000
[  102.349935][   T33] audit: type=1326 audit(1758564001.783:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6083 comm="syz.2.111" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc22178ec29 code=0x7ffc0000
[  102.362794][   T33] audit: type=1326 audit(1758564001.783:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6083 comm="syz.2.111" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22178ec29 code=0x7ffc0000
[  102.390377][   T33] audit: type=1326 audit(1758564001.783:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6083 comm="syz.2.111" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22178ec29 code=0x7ffc0000
[  102.404755][   T33] audit: type=1326 audit(1758564001.783:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6083 comm="syz.2.111" exe="/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fc22178ec29 code=0x7ffc0000
[  102.414676][   T33] audit: type=1326 audit(1758564001.823:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6083 comm="syz.2.111" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22178ec29 code=0x7ffc0000
[  102.424371][   T33] audit: type=1326 audit(1758564001.833:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6083 comm="syz.2.111" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc22178ec29 code=0x7ffc0000
[  102.434956][   T33] audit: type=1326 audit(1758564001.833:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6083 comm="syz.2.111" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22178ec29 code=0x7ffc0000
[  102.450572][   T33] audit: type=1326 audit(1758564001.833:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6083 comm="syz.2.111" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc22178ec29 code=0x7ffc0000
[  102.453708][  T792] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  102.462607][  T792] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  102.472982][  T792] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  102.479099][  T792] usb 1-1: config 0 descriptor??
[  102.811045][ T6004] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  102.894831][  T792] pyra 0003:1E7D:2CF6.0002: item fetching failed at offset 0/3
[  102.898606][  T792] pyra 0003:1E7D:2CF6.0002: parse failed
[  102.901190][  T792] pyra 0003:1E7D:2CF6.0002: probe with driver pyra failed with error -22
[  102.970881][ T6004] usb 3-1: Using ep0 maxpacket: 32
[  102.977452][ T6004] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  102.993436][ T6004] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  103.007011][ T6004] usb 3-1: config 0 descriptor??
[  103.112461][   T10] usb 1-1: USB disconnect, device number 2
[  103.223467][ T6004] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  103.239476][ T6004] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  103.246276][ T6004] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  103.252612][ T6004] usb 3-1: media controller created
[  103.283632][ T6004] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  103.400807][ T5945] Bluetooth: hci0: command tx timeout
[  103.401692][   T55] Bluetooth: hci1: command tx timeout
[  103.427590][ T6004] az6027: usb out operation failed. (-71)
[  103.433756][ T6004] az6027: usb out operation failed. (-71)
[  103.435970][ T6004] stb0899_attach: Driver disabled by Kconfig
[  103.439635][ T6107] random: crng reseeded on system resumption
[  103.446706][ T6004] az6027: no front-end attached
[  103.446706][ T6004] 
[  103.455589][ T6004] az6027: usb out operation failed. (-71)
[  103.457845][ T6004] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  103.465550][ T6004] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input4
[  103.476587][ T6004] dvb-usb: schedule remote query interval to 400 msecs.
[  103.479364][ T6004] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  103.482913][   T55] Bluetooth: hci2: command tx timeout
[  103.492410][ T6004] usb 3-1: USB disconnect, device number 2
[  103.574262][ T6004] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  104.026247][ T6124] netlink: 44 bytes leftover after parsing attributes in process `syz.1.131'.
[  104.130675][ T5990] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  104.281407][ T6004] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  104.294599][ T5990] usb 1-1: unable to get BOS descriptor or descriptor too short
[  104.297927][ T5990] usb 1-1: not running at top speed; connect to a high speed hub
[  104.302502][ T5990] usb 1-1: config 1 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  104.306628][ T5990] usb 1-1: config 1 interface 0 has no altsetting 0
[  104.309125][ T5990] usb 1-1: language id specifier not provided by device, defaulting to English
[  104.318164][ T5990] usb 1-1: New USB device found, idVendor=046d, idProduct=c227, bcdDevice= 0.40
[  104.321444][ T5990] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.324216][ T5990] usb 1-1: Product: syz
[  104.325520][ T5990] usb 1-1: SerialNumber: syz
[  104.579763][ T5990] usbhid 1-1:1.0: can't add hid device: -71
[  104.583464][ T5990] usbhid 1-1:1.0: probe with driver usbhid failed with error -71
[  104.598694][ T5990] usb 1-1: USB disconnect, device number 3
[  105.160004][ T6145] loop0: detected capacity change from 0 to 512
[  105.162591][ T6004] usb 3-1: Using ep0 maxpacket: 8
[  105.168485][ T6145] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  105.178110][ T6145] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  105.188801][ T6004] usb 3-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00
[  105.192072][ T6004] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  105.194514][ T6004] usb 3-1: Product: syz
[  105.196076][ T6004] usb 3-1: Manufacturer: syz
[  105.213522][ T6004] usb 3-1: SerialNumber: syz
[  105.216632][ T6145] EXT4-fs error (device loop0): ext4_orphan_get:1418: comm syz.0.139: bad orphan inode 131083
[  105.222161][ T6004] usb 3-1: config 0 descriptor??
[  105.226296][ T6004] radio-usb-si4713 3-1:0.0: Si4713 development board discovered: (10C4:8244)
[  105.234915][ T6145] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  105.260599][ T6145] overlayfs: upper fs needs to support d_type.
[  105.287058][ T6145] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 13: comm syz.0.139: path /: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  105.322999][ T5950] EXT4-fs error (device loop0): ext4_readdir:264: inode #2: block 13: comm syz-executor: path /21/bus: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0
[  105.481288][   T55] Bluetooth: hci0: command tx timeout
[  105.484121][ T5945] Bluetooth: hci1: command tx timeout
[  105.603565][ T5950] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  105.651727][ T6004] radio-usb-si4713 3-1:0.0: probe with driver radio-usb-si4713 failed with error -71
[  105.653147][   T12] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.658037][ T6004] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  105.683283][ T6004] usb 3-1: USB disconnect, device number 3
[  105.754493][   T12] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.861088][   T12] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  105.940389][   T12] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  106.083458][   T12] bridge_slave_1: left allmulticast mode
[  106.085895][   T12] bridge_slave_1: left promiscuous mode
[  106.089388][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  106.104851][   T12] bridge_slave_0: left allmulticast mode
[  106.107127][   T12] bridge_slave_0: left promiscuous mode
[  106.111107][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  106.217662][ T5945] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  106.227489][ T5945] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  106.235062][ T5945] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  106.239036][ T5945] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  106.242914][ T5945] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  106.669376][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  106.675142][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  106.679142][   T12] bond0 (unregistering): Released all slaves
[  107.727293][   T12] hsr_slave_0: left promiscuous mode
[  107.738789][ T6208] loop2: detected capacity change from 0 to 512
[  107.740844][   T12] hsr_slave_1: left promiscuous mode
[  107.745409][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  107.749171][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  107.757229][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  107.763054][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  107.771131][ T6208] EXT4-fs warning (device loop2): ext4_xattr_inode_get:542: inode #11: comm syz.2.156: ea_inode file size=4 entry size=6
[  107.776828][ T6208] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  107.783206][ T6208] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #15: comm syz.2.156: corrupted inode contents
[  107.789321][ T6208] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #15: comm syz.2.156: mark_inode_dirty error
[  107.794120][ T5990] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  107.799086][   T12] veth1_macvtap: left promiscuous mode
[  107.801263][ T6208] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #15: comm syz.2.156: corrupted inode contents
[  107.803324][   T12] veth0_macvtap: left promiscuous mode
[  107.805984][ T6208] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2991: inode #15: comm syz.2.156: mark_inode_dirty error
[  107.807678][   T12] veth1_vlan: left promiscuous mode
[  107.814299][   T12] veth0_vlan: left promiscuous mode
[  107.815690][ T6208] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2994: inode #15: comm syz.2.156: mark inode dirty (error -117)
[  107.823312][ T6208] EXT4-fs warning (device loop2): ext4_evict_inode:274: xattr delete (err -117)
[  107.826397][ T6208] EXT4-fs (loop2): 1 orphan inode deleted
[  107.831565][ T6208] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  107.885647][ T5947] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.949560][   T33] kauditd_printk_skb: 11 callbacks suppressed
[  107.949575][   T33] audit: type=1326 audit(1758564007.413:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6211 comm="syz.2.157" exe="/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7fc221785be7 code=0x0
[  107.961726][ T5990] usb 2-1: Using ep0 maxpacket: 32
[  107.965546][ T5990] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  107.969417][ T5990] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x32, changing to 0x2
[  107.973507][ T5990] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 108, setting to 64
[  107.977790][ T5990] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  107.985376][ T5990] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  107.988925][ T5990] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  107.992536][ T5990] usb 2-1: Product: syz
[  107.996574][ T5990] usb 2-1: Manufacturer: syz
[  107.998422][ T5990] usb 2-1: SerialNumber: syz
[  108.004409][ T5990] usb 2-1: config 0 descriptor??
[  108.021762][ T5990] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  108.224112][ T5990] usb 2-1: USB disconnect, device number 3
[  108.227995][ T5938] usb 2-1: Failed to submit usb control message: -71
[  108.231436][ T5938] usb 2-1: unable to send the bmi data to the device: -71
[  108.234804][ T5938] usb 2-1: unable to get target info from device
[  108.237465][ T5938] usb 2-1: could not get target info (-71)
[  108.245376][ T5938] usb 2-1: could not probe fw (-71)
[  108.281891][   T55] Bluetooth: hci2: command tx timeout
[  108.353912][   T12] team0 (unregistering): Port device team_slave_1 removed
[  108.381851][   T12] team0 (unregistering): Port device team_slave_0 removed
[  108.768926][ T6173] chnl_net:caif_netlink_parms(): no params data found
[  109.222447][ T6173] bridge0: port 1(bridge_slave_0) entered blocking state
[  109.266570][ T6173] bridge0: port 1(bridge_slave_0) entered disabled state
[  109.297178][ T6173] bridge_slave_0: entered allmulticast mode
[  109.431072][ T6173] bridge_slave_0: entered promiscuous mode
[  109.442719][ T6173] bridge0: port 2(bridge_slave_1) entered blocking state
[  109.456659][ T6173] bridge0: port 2(bridge_slave_1) entered disabled state
[  109.466741][ T6173] bridge_slave_1: entered allmulticast mode
[  109.490391][ T6173] bridge_slave_1: entered promiscuous mode
[  109.586239][ T6173] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  109.603612][ T6173] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  109.668176][ T6173] team0: Port device team_slave_0 added
[  109.673012][ T6173] team0: Port device team_slave_1 added
[  109.709007][ T6173] batman_adv: batadv0: Adding interface: batadv_slave_0
[  109.712095][ T6173] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.730996][ T6173] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  109.738651][ T6173] batman_adv: batadv0: Adding interface: batadv_slave_1
[  109.745255][ T6173] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  109.761066][ T6238] loop1: detected capacity change from 0 to 256
[  109.775324][ T6238] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  109.788823][   T33] audit: type=1800 audit(1758564009.253:24): pid=6238 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.158" name="file1" dev="loop1" ino=1048608 res=0 errno=0
[  109.821249][ T6173] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  109.953548][ T6173] hsr_slave_0: entered promiscuous mode
[  109.956684][ T6173] hsr_slave_1: entered promiscuous mode
[  109.959586][ T6173] debugfs: 'hsr0' already exists in 'hsr'
[  109.962005][ T6173] Cannot create hsr debugfs directory
[  110.242658][ T6252] loop2: detected capacity change from 0 to 128
[  110.257203][ T6252] EXT4-fs: Ignoring removed nomblk_io_submit option
[  110.269462][ T6252] EXT4-fs: Ignoring removed nomblk_io_submit option
[  110.312981][ T6252] EXT4-fs (loop2): Test dummy encryption mode enabled
[  110.325691][ T6252] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  110.327548][ T6173] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  110.338419][ T6252] ext4 filesystem being mounted at /36/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  110.350005][ T6173] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  110.360277][   T55] Bluetooth: hci2: command 0x041b tx timeout
[  110.404995][ T6173] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  110.435106][ T6173] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  110.585615][ T6252] fscrypt: AES-256-XTS using implementation "xts(ecb(aes-fixed-time))"
[  110.644758][ T6173] 8021q: adding VLAN 0 to HW filter on device bond0
[  110.646007][ T5947] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  110.695542][ T6277] sg_write: data in/out 512/1 bytes for SCSI command 0xb7-- guessing data in;
[  110.695542][ T6277]    program syz.1.170 not setting count and/or reply_len properly
[  110.737110][ T6173] 8021q: adding VLAN 0 to HW filter on device team0
[  110.759087][   T26] bridge0: port 1(bridge_slave_0) entered blocking state
[  110.762238][   T26] bridge0: port 1(bridge_slave_0) entered forwarding state
[  110.808126][   T26] bridge0: port 2(bridge_slave_1) entered blocking state
[  110.810878][   T26] bridge0: port 2(bridge_slave_1) entered forwarding state
[  110.954188][ T6289] syz.1.175 uses obsolete (PF_INET,SOCK_PACKET)
[  110.961099][ T6289] Bluetooth: MGMT ver 1.23
[  111.069150][ T6298] netlink: 'syz.2.177': attribute type 1 has an invalid length.
[  111.074340][ T6298] netlink: 244 bytes leftover after parsing attributes in process `syz.2.177'.
[  111.139045][ T6173] 8021q: adding VLAN 0 to HW filter on device batadv0
[  111.188780][ T6173] veth0_vlan: entered promiscuous mode
[  111.209107][ T6173] veth1_vlan: entered promiscuous mode
[  111.317074][ T6308] 9pnet_virtio: no channels available for device 127.0.0.1
[  111.322451][ T6173] veth0_macvtap: entered promiscuous mode
[  111.339953][ T6173] veth1_macvtap: entered promiscuous mode
[  111.424640][ T6173] batman_adv: batadv0: Interface activated: batadv_slave_0
[  111.461428][ T6173] batman_adv: batadv0: Interface activated: batadv_slave_1
[  111.499552][   T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  111.507834][   T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  111.547485][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  111.559651][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  111.665335][ T6315] loop2: detected capacity change from 0 to 164
[  111.674575][  T165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.688074][  T165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.700307][ T6315] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  111.767590][ T6315] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  111.777421][  T165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  111.783486][ T6315] Symlink component flag not implemented
[  111.787043][  T165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  111.794686][ T6315] Symlink component flag not implemented
[  111.809779][ T6315] rock: corrupted directory entry. extent=28, offset=16056320, size=0
[  111.819530][ T6315] rock: directory entry would overflow storage
[  111.827764][ T6315] rock: sig=0x4f50, size=4, remaining=3
[  111.834932][ T6315] iso9660: Corrupted directory entry in block 4 of inode 1792
[  111.844742][ T6315] Symlink component flag not implemented (7)
[  111.849563][ T6315] Symlink component flag not implemented (116)
[  112.268124][ T6321] loop3: detected capacity change from 0 to 4096
[  112.445482][   T55] Bluetooth: hci2: command 0x041b tx timeout
[  112.467001][ T6333] xfrm0: entered promiscuous mode
[  112.469472][ T6333] xfrm0: entered allmulticast mode
[  112.692103][ T6340] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  113.077926][ T6348] warning: `syz.2.198' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  113.458840][ T6352] loop2: detected capacity change from 0 to 256
[  113.572829][ T6352] FAT-fs (loop2): Directory bread(block 64) failed
[  113.576156][ T6352] FAT-fs (loop2): Directory bread(block 65) failed
[  113.587446][ T6352] FAT-fs (loop2): Directory bread(block 66) failed
[  113.597114][ T6352] FAT-fs (loop2): Directory bread(block 67) failed
[  113.607312][ T6352] FAT-fs (loop2): Directory bread(block 68) failed
[  113.615624][ T6352] FAT-fs (loop2): Directory bread(block 69) failed
[  113.625369][ T6352] FAT-fs (loop2): Directory bread(block 70) failed
[  113.628644][ T6352] FAT-fs (loop2): Directory bread(block 71) failed
[  113.631834][ T6352] FAT-fs (loop2): Directory bread(block 72) failed
[  113.634901][ T6352] FAT-fs (loop2): Directory bread(block 73) failed
[  113.770485][   T33] audit: type=1800 audit(1758564013.243:25): pid=6352 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.200" name="bus" dev="loop2" ino=1048613 res=0 errno=0
[  113.872412][ T6354] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  114.163745][ T6358] netlink: 868 bytes leftover after parsing attributes in process `syz.1.204'.
[  114.524611][   T55] Bluetooth: hci2: command 0x041b tx timeout
[  114.606383][ T6378] capability: warning: `syz.2.212' uses 32-bit capabilities (legacy support in use)
[  114.615169][ T6378] program syz.2.212 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  114.751126][ T6362] loop3: detected capacity change from 0 to 40427
[  114.758535][ T6362] F2FS-fs (loop3): build fault injection rate: 771
[  114.791327][ T6362] F2FS-fs (loop3): invalid crc value
[  114.853412][ T6362] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  114.859279][ T6362] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  114.990301][   T24] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  115.140254][   T24] usb 3-1: Using ep0 maxpacket: 16
[  115.144751][   T24] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  115.149303][   T24] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0
[  115.155124][   T24] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  115.167815][   T24] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  115.173866][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.177205][   T24] usb 3-1: Product: syz
[  115.187507][   T24] usb 3-1: Manufacturer: syz
[  115.189464][   T24] usb 3-1: SerialNumber: syz
[  115.235230][ T6369] delete_channel: no stack
[  115.429230][ T6397] netlink: 24 bytes leftover after parsing attributes in process `syz.3.220'.
[  115.445348][ T6397] loop3: detected capacity change from 0 to 512
[  115.450799][ T6397] EXT4-fs warning (device loop3): ext4_multi_mount_protect:292: Invalid MMP block in superblock
[  115.607717][   T24] usb 3-1: 2:1 : format type 0 is detected, processed as PCM
[  115.612100][   T33] audit: type=1326 audit(1758564015.073:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6401 comm="syz.3.222" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455298ec29 code=0x7ffc0000
[  115.621020][ T5768] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  115.624572][   T33] audit: type=1326 audit(1758564015.083:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6401 comm="syz.3.222" exe="/syz-executor" sig=0 arch=c000003e syscall=459 compat=0 ip=0x7f455298ec29 code=0x7ffc0000
[  115.639678][   T33] audit: type=1326 audit(1758564015.083:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6401 comm="syz.3.222" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455298ec29 code=0x7ffc0000
[  115.653201][   T33] audit: type=1326 audit(1758564015.083:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6401 comm="syz.3.222" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455298ec29 code=0x7ffc0000
[  115.663507][   T33] audit: type=1326 audit(1758564015.083:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6401 comm="syz.3.222" exe="/syz-executor" sig=0 arch=c000003e syscall=265 compat=0 ip=0x7f455298ec29 code=0x7ffc0000
[  115.674654][   T33] audit: type=1326 audit(1758564015.083:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6401 comm="syz.3.222" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455298ec29 code=0x7ffc0000
[  115.683117][   T33] audit: type=1326 audit(1758564015.083:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6401 comm="syz.3.222" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455298ec29 code=0x7ffc0000
[  115.703437][ T6404] mmap: syz.3.223 (6404) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  115.783694][ T5768] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  115.788550][ T5768] usb 2-1: config 220 has 0 interfaces, different from the descriptor's value: 3
[  115.796935][ T5768] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  115.801529][ T5768] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  115.806241][ T5768] usb 2-1: Product: syz
[  115.807913][ T5768] usb 2-1: Manufacturer: syz
[  115.809739][ T5768] usb 2-1: SerialNumber: syz
[  116.033466][ T5768] usb 2-1: USB disconnect, device number 4
[  116.069287][ T6413] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  116.083124][ T6413] fanotify: failed to encode fid (type=0, len=0, err=-2)
[  116.386943][ T6415] loop3: detected capacity change from 0 to 32768
[  116.418550][   T24] usb 3-1: 2:1: cannot set freq 9338507 to ep 0x82
[  116.438736][ T6415] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  116.516571][   T24] usb 3-1: USB disconnect, device number 4
[  116.535552][ T6173] ocfs2: Unmounting device (7,3) on (node local)
[  116.602399][   T55] Bluetooth: hci2: command 0x041b tx timeout
[  116.660500][ T5935] udevd[5935]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  116.736923][ T6424] binder: 6423:6424 ioctl c00c6211 ffffffffffffffff returned -14
[  116.848395][ T6431] loop3: detected capacity change from 0 to 1024
[  116.946205][ T6433] netlink: 'syz.1.231': attribute type 9 has an invalid length.
[  116.949571][ T6433] netlink: 'syz.1.231': attribute type 7 has an invalid length.
[  116.952965][ T6433] netlink: 'syz.1.231': attribute type 8 has an invalid length.
[  117.026636][ T6431] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  117.058359][ T6431] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (38281!=20869)
[  117.099036][ T6431] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  117.191846][ T6431] EXT4-fs error (device loop3): ext4_ext_check_inode:523: inode #3: comm syz.3.232: pblk 82 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  117.255739][ T6431] EXT4-fs (loop3): no journal found
[  117.289090][ T6431] EXT4-fs (loop3): can't get journal size
[  117.312721][ T6431] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  117.369094][ T6436] loop2: detected capacity change from 0 to 512
[  117.394244][ T6436] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.233: casefold flag without casefold feature
[  117.399286][ T6436] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.233: couldn't read orphan inode 15 (err -117)
[  117.401287][ T6173] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.405557][ T6436] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  117.465451][ T5947] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  117.800004][ T6451] loop1: detected capacity change from 0 to 4096
[  117.818105][ T6451] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  117.852963][ T6451] ntfs3(loop1): ino=19, mi_enum_attr
[  117.856970][ T6451] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  118.512633][ T6465] netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'.
[  118.516204][ T6465] netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'.
[  118.520074][ T6465] netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'.
[  118.530025][ T6465] netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'.
[  118.535024][ T6465] netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'.
[  118.538670][ T6465] netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'.
[  118.553741][ T6465] netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'.
[  118.564068][ T6465] netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'.
[  118.578206][ T6465] netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'.
[  118.585912][ T6465] netlink: 8 bytes leftover after parsing attributes in process `syz.1.245'.
[  118.979384][ T6473] loop3: detected capacity change from 0 to 2048
[  119.019017][ T6470] loop1: detected capacity change from 0 to 4096
[  119.029531][ T6470] ntfs3(loop1): Different NTFS sector size (2048) and media sector size (512).
[  119.067093][ T6470] ntfs3(loop1): Failed to load $Bitmap (-22).
[  119.076712][ T6474] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  119.115972][ T6473] CPU: 0 UID: 0 PID: 6473 Comm: syz.3.249 Not tainted syzkaller #0 PREEMPT(full) 
[  119.116011][ T6473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  119.116020][ T6473] Call Trace:
[  119.116027][ T6473]  <TASK>
[  119.116034][ T6473]  dump_stack_lvl+0x189/0x250
[  119.116064][ T6473]  ? rcu_is_watching+0x15/0xb0
[  119.116081][ T6473]  ? __pfx_dump_stack_lvl+0x10/0x10
[  119.116094][ T6473]  ? kmem_cache_alloc_noprof+0x21a/0x3c0
[  119.116115][ T6473]  ? __asan_memset+0x22/0x50
[  119.116132][ T6473]  ? nilfs_btree_alloc_path+0x5e5/0x610
[  119.116155][ T6473]  nilfs_btree_last_key+0x491/0x620
[  119.116176][ T6473]  nilfs_bmap_last_key+0x7a/0x130
[  119.116197][ T6473]  nilfs_truncate_bmap+0xfe/0x340
[  119.116213][ T6473]  ? __pfx_nilfs_truncate_bmap+0x10/0x10
[  119.116229][ T6473]  ? nilfs_transaction_begin+0x52a/0x710
[  119.116245][ T6473]  ? __pfx_nilfs_get_block+0x10/0x10
[  119.116269][ T6473]  nilfs_truncate+0x279/0x4e0
[  119.116292][ T6473]  ? __pfx_nilfs_truncate+0x10/0x10
[  119.116317][ T6473]  ? truncate_setsize+0xcf/0xf0
[  119.116337][ T6473]  nilfs_setattr+0x206/0x2b0
[  119.116352][ T6473]  ? __pfx_nilfs_setattr+0x10/0x10
[  119.116369][ T6473]  ? try_break_deleg+0x79/0x130
[  119.116384][ T6473]  ? __pfx_nilfs_setattr+0x10/0x10
[  119.116398][ T6473]  notify_change+0xb36/0xe40
[  119.116430][ T6473]  do_truncate+0x1a4/0x220
[  119.116453][ T6473]  ? __pfx_do_truncate+0x10/0x10
[  119.116496][ T6473]  ? apparmor_file_truncate+0x23e/0x2d0
[  119.116534][ T6473]  path_openat+0x306c/0x3830
[  119.116552][ T6473]  ? arch_stack_walk+0xfc/0x150
[  119.116597][ T6473]  ? __pfx_path_openat+0x10/0x10
[  119.116611][ T6473]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.116643][ T6473]  do_filp_open+0x1fa/0x410
[  119.116659][ T6473]  ? __lock_acquire+0xab9/0xd20
[  119.116680][ T6473]  ? __pfx_do_filp_open+0x10/0x10
[  119.116714][ T6473]  ? _raw_spin_unlock+0x28/0x50
[  119.116733][ T6473]  ? alloc_fd+0x64c/0x6c0
[  119.116763][ T6473]  do_sys_openat2+0x121/0x1c0
[  119.116777][ T6473]  ? __se_sys_futex+0x36f/0x400
[  119.116793][ T6473]  ? __pfx_do_sys_openat2+0x10/0x10
[  119.116811][ T6473]  ? rcu_is_watching+0x15/0xb0
[  119.116830][ T6473]  __x64_sys_open+0x11e/0x150
[  119.116850][ T6473]  do_syscall_64+0xfa/0x3b0
[  119.116867][ T6473]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.116878][ T6473]  ? asm_sysvec_call_function_single+0x1a/0x20
[  119.116896][ T6473]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  119.116908][ T6473] RIP: 0033:0x7f455298ec29
[  119.116922][ T6473] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  119.116933][ T6473] RSP: 002b:00007f45537ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[  119.116948][ T6473] RAX: ffffffffffffffda RBX: 00007f4552bd5fa0 RCX: 00007f455298ec29
[  119.116958][ T6473] RDX: 0000000000000194 RSI: 0000000000106241 RDI: 00002000000006c0
[  119.116967][ T6473] RBP: 00007f4552a11e41 R08: 0000000000000000 R09: 0000000000000000
[  119.116976][ T6473] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  119.116984][ T6473] R13: 00007f4552bd6038 R14: 00007f4552bd5fa0 R15: 00007fff23eef3d8
[  119.117007][ T6473]  </TASK>
[  119.117074][ T6473] NILFS (loop3): btree level mismatch (ino=16): 1 != 7
[  119.214688][ T6476] team_slave_0: entered promiscuous mode
[  119.231332][ T6473] NILFS error (device loop3): nilfs_bmap_last_key: broken bmap (inode number=16)
[  119.232366][ T6476] team_slave_1: entered promiscuous mode
[  119.239500][ T6473] Remounting filesystem read-only
[  119.259747][ T6476] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  119.269678][ T6473] NILFS (loop3): error -5 truncating bmap (ino=16)
[  119.371727][ T6476] 8021q: adding VLAN 0 to HW filter on device macvlan3
[  119.440102][ T6173] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer
[  119.520019][ T6478] vcan0: tx drop: invalid sa for name 0x0000000000000001
[  119.778784][ T6494] loop3: detected capacity change from 0 to 512
[  119.789237][ T6494] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  119.811900][ T6494] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.259: corrupted in-inode xattr: e_value size too large
[  119.842640][ T6494] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.259: couldn't read orphan inode 15 (err -117)
[  119.853596][ T6494] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  120.230409][ T6501] loop1: detected capacity change from 0 to 40427
[  120.343751][ T6504] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.259: corrupted in-inode xattr: e_value size too large
[  120.368807][ T6501] F2FS-fs (loop1): invalid crc value
[  120.541663][ T5768] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  120.561832][ T6501] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  120.586560][ T6501] F2FS-fs (loop1): Start checkpoint disabled!
[  120.720999][ T6501] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  120.848975][ T6173] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  120.870281][ T5768] usb 3-1: config 0 has an invalid interface number: 41 but max is 0
[  121.006724][ T5768] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  121.011047][ T5768] usb 3-1: config 0 has no interface number 0
[  121.028365][ T5768] usb 3-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  121.035648][ T5768] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.039100][ T5768] usb 3-1: Product: syz
[  121.044992][ T5768] usb 3-1: Manufacturer: syz
[  121.046863][ T5768] usb 3-1: SerialNumber: syz
[  121.062861][ T5768] usb 3-1: config 0 descriptor??
[  121.074478][ T1090] kworker/u10:5: attempt to access beyond end of device
[  121.074478][ T1090] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  121.084394][ T1090] CPU: 0 UID: 0 PID: 1090 Comm: kworker/u10:5 Not tainted syzkaller #0 PREEMPT(full) 
[  121.084414][ T1090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  121.084431][ T1090] Workqueue: writeback wb_workfn (flush-7:1)
[  121.084452][ T1090] Call Trace:
[  121.084458][ T1090]  <TASK>
[  121.084464][ T1090]  dump_stack_lvl+0x189/0x250
[  121.084484][ T1090]  ? __pfx_dump_stack_lvl+0x10/0x10
[  121.084499][ T1090]  ? __pfx_queue_work_on+0x10/0x10
[  121.084513][ T1090]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  121.084534][ T1090]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  121.084561][ T1090]  f2fs_handle_critical_error+0x37c/0x540
[  121.084584][ T1090]  f2fs_write_end_io+0x886/0xb60
[  121.084610][ T1090]  __submit_merged_bio+0x27a/0x6a0
[  121.084633][ T1090]  __submit_merged_write_cond+0x255/0x530
[  121.084656][ T1090]  f2fs_write_data_pages+0x261d/0x3000
[  121.084695][ T1090]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  121.084763][ T1090]  ? f2fs_write_meta_pages+0x357/0x450
[  121.084780][ T1090]  ? __lock_acquire+0xab9/0xd20
[  121.084800][ T1090]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  121.084815][ T1090]  do_writepages+0x32e/0x550
[  121.084834][ T1090]  ? reacquire_held_locks+0x127/0x1d0
[  121.084845][ T1090]  ? writeback_sb_inodes+0x384/0x1010
[  121.084864][ T1090]  __writeback_single_inode+0x145/0xff0
[  121.084878][ T1090]  ? do_raw_spin_unlock+0x4d/0x240
[  121.084895][ T1090]  writeback_sb_inodes+0x6c7/0x1010
[  121.084928][ T1090]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  121.084969][ T1090]  ? rcu_is_watching+0x15/0xb0
[  121.084988][ T1090]  wb_writeback+0x43b/0xaf0
[  121.085008][ T1090]  ? queue_io+0x311/0x590
[  121.085023][ T1090]  ? __pfx_wb_writeback+0x10/0x10
[  121.085039][ T1090]  ? _raw_spin_unlock_irq+0x23/0x50
[  121.085057][ T1090]  wb_workfn+0x409/0xef0
[  121.085078][ T1090]  ? __pfx_wb_workfn+0x10/0x10
[  121.085095][ T1090]  ? __lock_acquire+0xab9/0xd20
[  121.085122][ T1090]  ? process_scheduled_works+0x9ef/0x17b0
[  121.085140][ T1090]  ? _raw_spin_unlock_irq+0x23/0x50
[  121.085157][ T1090]  ? process_scheduled_works+0x9ef/0x17b0
[  121.085169][ T1090]  ? process_scheduled_works+0x9ef/0x17b0
[  121.085180][ T1090]  process_scheduled_works+0xae1/0x17b0
[  121.085214][ T1090]  ? __pfx_process_scheduled_works+0x10/0x10
[  121.085236][ T1090]  worker_thread+0x8a0/0xda0
[  121.085255][ T1090]  ? __kthread_parkme+0x7b/0x200
[  121.085300][ T1090]  kthread+0x711/0x8a0
[  121.085316][ T1090]  ? __pfx_worker_thread+0x10/0x10
[  121.085327][ T1090]  ? __pfx_kthread+0x10/0x10
[  121.085343][ T1090]  ? _raw_spin_unlock_irq+0x23/0x50
[  121.085360][ T1090]  ? lockdep_hardirqs_on+0x9c/0x150
[  121.085371][ T1090]  ? __pfx_kthread+0x10/0x10
[  121.085385][ T1090]  ret_from_fork+0x439/0x7d0
[  121.085402][ T1090]  ? __pfx_ret_from_fork+0x10/0x10
[  121.085420][ T1090]  ? __switch_to_asm+0x39/0x70
[  121.085445][ T1090]  ? __switch_to_asm+0x33/0x70
[  121.085458][ T1090]  ? __pfx_kthread+0x10/0x10
[  121.085474][ T1090]  ret_from_fork_asm+0x1a/0x30
[  121.085501][ T1090]  </TASK>
[  121.085507][ T1090] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  121.213313][ T6518] loop3: detected capacity change from 0 to 1024
[  121.213385][ T5768] ims_pcu 3-1:0.41: probe with driver ims_pcu failed with error -22
[  121.279053][ T5768] usb 3-1: USB disconnect, device number 5
[  121.295407][   T33] audit: type=1800 audit(1758564020.753:33): pid=6518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.262" name="file1" dev="loop3" ino=2 res=0 errno=0
[  121.377875][ T6523] xt_time: invalid argument - start or stop time greater than 23:59:59
[  121.820715][ T5768] delete_channel: no stack
[  122.490312][ T6562] sctp: [Deprecated]: syz.3.273 (pid 6562) Use of struct sctp_assoc_value in delayed_ack socket option.
[  122.490312][ T6562] Use struct sctp_sack_info instead
[  122.742190][ T6561] loop2: detected capacity change from 0 to 32768
[  122.757424][ T6561] read_mapping_page failed!
[  122.758925][ T6561] ialloc: diAlloc returned -5!
[  122.941455][   T10] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  123.073369][ T6576] loop2: detected capacity change from 0 to 22
[  123.086018][ T6576] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  123.094423][ T6576] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  123.113122][   T10] usb 2-1: Using ep0 maxpacket: 16
[  123.123646][   T10] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  123.128450][   T10] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[  123.143384][   T10] usb 2-1: config 0 interface 0 has no altsetting 0
[  123.147493][   T10] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  123.155953][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  123.172887][   T10] usb 2-1: config 0 descriptor??
[  123.189934][ T6580] loop2: detected capacity change from 0 to 1024
[  123.235142][ T1090] hfsplus: b-tree write err: -5, ino 8
[  123.268123][ T6582] loop3: detected capacity change from 0 to 128
[  123.308730][ T6582] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  123.318137][ T6582] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  123.775642][   T10] hid (null): nested delimiters
[  123.781513][   T10] hid (null): nested delimiters
[  123.786747][   T10] hid (null): nested delimiters
[  123.795680][   T10] hid (null): report_id 24797 is invalid
[  123.808641][   T10] hid (null): bogus close delimiter
[  123.872206][ T6594] loop2: detected capacity change from 0 to 2048
[  123.971720][   T10] usb 2-1: USB disconnect, device number 5
[  124.018926][   T33] audit: type=1326 audit(1758564023.483:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6596 comm="syz.2.291" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc22178ec29 code=0x0
[  124.185117][ T6173] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  124.585632][ T6610] loop3: detected capacity change from 0 to 4096
[  124.605813][ T6610] NILFS (loop3): invalid segment: Checksum error in segment payload
[  124.615729][ T6610] NILFS (loop3): trying rollback from an earlier position
[  124.644142][ T6610] NILFS (loop3): recovery complete
[  124.648135][ T6615] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  124.740853][ T6617] loop1: detected capacity change from 0 to 256
[  124.744316][ T6617] exfat: Deprecated parameter 'utf8'
[  124.748180][ T6617] exfat: Deprecated parameter 'utf8'
[  124.782018][ T6617] exfat: Deprecated parameter 'utf8'
[  124.797334][ T6617] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d)
[  124.806595][ T6608] loop2: detected capacity change from 0 to 32768
[  124.909537][ T6620] exFAT-fs (loop1): error, exfat_zeroed_cluster: out of range(sect:224 len:8)
[  124.915945][ T6620] exFAT-fs (loop1): Filesystem has been set read-only
[  125.529071][ T6630] __nla_validate_parse: 44 callbacks suppressed
[  125.529087][ T6630] netlink: 28 bytes leftover after parsing attributes in process `syz.1.305'.
[  125.603710][ T6634] netlink: 8 bytes leftover after parsing attributes in process `syz.1.307'.
[  125.607403][ T6634] netlink: 8 bytes leftover after parsing attributes in process `syz.1.307'.
[  125.639858][ T6637] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  126.280379][   T24] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  126.452240][   T24] usb 2-1: Using ep0 maxpacket: 16
[  126.474302][   T24] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  126.481814][   T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  126.495976][   T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  126.520396][   T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  126.531427][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  126.549628][   T24] usb 2-1: Product: syz
[  126.564263][   T24] usb 2-1: Manufacturer: syz
[  126.576551][   T24] usb 2-1: SerialNumber: syz
[  127.034304][ T6661] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  127.037300][ T6661] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  127.054023][ T6661] Bluetooth: hci0: Opcode 0x0406 failed: -4
[  127.069072][ T6661] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  127.072423][ T6661] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  127.082115][ T6661] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  127.097686][ T6661] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  127.105947][ T6661] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  127.111597][   T24] usb 2-1: 0:2 : does not exist
[  127.117163][ T6661] Bluetooth: hci2: Opcode 0x0406 failed: -4
[  127.448021][ T6664] loop3: detected capacity change from 0 to 128
[  127.698741][ T6664] syz.3.320: attempt to access beyond end of device
[  127.698741][ T6664] loop3: rw=2049, sector=145, nr_sectors = 8 limit=128
[  127.723127][ T6664] syz.3.320: attempt to access beyond end of device
[  127.723127][ T6664] loop3: rw=2049, sector=161, nr_sectors = 8 limit=128
[  127.748547][ T6664] syz.3.320: attempt to access beyond end of device
[  127.748547][ T6664] loop3: rw=2049, sector=177, nr_sectors = 8 limit=128
[  127.757228][   T24] usb 2-1: 1:0: failed to get current value for ch 0 (-22)
[  127.771926][ T6664] syz.3.320: attempt to access beyond end of device
[  127.771926][ T6664] loop3: rw=2049, sector=193, nr_sectors = 8 limit=128
[  127.817673][   T24] usb 2-1: USB disconnect, device number 6
[  127.866391][ T6419] udevd[6419]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  128.734873][   T24] IPVS: starting estimator thread 0...
[  128.831284][ T6686] IPVS: using max 64 ests per chain, 153600 per kthread
[  129.018900][ T6675] loop2: detected capacity change from 0 to 32768
[  129.067293][ T6675] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  129.080720][   T55] Bluetooth: hci1: command 0x0c1a tx timeout
[  129.083240][   T55] Bluetooth: hci0: command 0x0c1a tx timeout
[  129.106127][ T6675] XFS (loop2): Ending clean mount
[  129.113662][ T6675] XFS (loop2): Quotacheck needed: Please wait.
[  129.153512][ T6675] XFS (loop2): Quotacheck: Done.
[  129.160933][   T55] Bluetooth: hci2: command 0x041b tx timeout
[  129.186970][ T5947] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  129.255801][ T6688] loop3: detected capacity change from 0 to 32768
[  129.263288][ T6688] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.329 (6688)
[  129.277058][ T6688] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  129.281024][ T6688] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  129.456614][ T6714] loop2: detected capacity change from 0 to 1024
[  129.572375][ T6688] BTRFS info (device loop3): rebuilding free space tree
[  130.065651][ T6688] BTRFS info (device loop3): disabling free space tree
[  130.069741][ T6688] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  130.076743][ T6688] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  130.116163][ T6688] BTRFS info (device loop3): enabling ssd optimizations
[  130.123964][ T6688] BTRFS info (device loop3): force clearing of disk cache
[  130.124497][ T6720] hfsplus: xattr search failed
[  130.128475][ T6688] BTRFS info (device loop3): enabling auto defrag
[  130.128558][ T6688] BTRFS info (device loop3): doing ref verification
[  130.128569][ T6688] BTRFS info (device loop3): max_inline set to 4096
[  130.420539][ T6173] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  130.828655][ T6730] loop3: detected capacity change from 0 to 2048
[  130.855724][ T6730] UDF-fs: warning (device loop3): udf_fill_super: No fileset found
[  131.170406][   T55] Bluetooth: hci0: command 0x0c1a tx timeout
[  131.170447][   T55] Bluetooth: hci1: command 0x0c1a tx timeout
[  131.253004][ T5945] Bluetooth: hci2: command 0x041b tx timeout
[  132.039596][ T6752] loop1: detected capacity change from 0 to 2048
[  132.407484][ T6755] loop3: detected capacity change from 0 to 1024
[  132.458690][ T6755] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  132.472061][ T6756] loop1: detected capacity change from 0 to 4096
[  132.484732][ T6756] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  132.597902][ T6756] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  132.602751][ T6173] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  132.618309][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  132.635712][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  133.091194][ T6774] loop1: detected capacity change from 0 to 4096
[  133.116561][ T6778] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  133.145737][   T33] audit: type=1800 audit(1758564032.613:35): pid=6774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.354" name="file1" dev="loop1" ino=15 res=0 errno=0
[  133.240654][   T55] Bluetooth: hci0: command 0x0c1a tx timeout
[  133.243188][ T5945] Bluetooth: hci1: command 0x0c1a tx timeout
[  133.320290][ T5945] Bluetooth: hci2: command 0x041b tx timeout
[  133.622665][ T6797] loop1: detected capacity change from 0 to 4096
[  133.796045][ T6803] netlink: 'syz.2.367': attribute type 5 has an invalid length.
[  133.799206][ T6803] netlink: 176 bytes leftover after parsing attributes in process `syz.2.367'.
[  134.027533][ T6816] capability: warning: `syz.1.373' uses deprecated v2 capabilities in a way that may be insecure
[  134.125841][ T6820] binder: 6819:6820 ioctl c00c620f 200000000040 returned -22
[  134.810574][   T10] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  134.960695][   T10] usb 2-1: Using ep0 maxpacket: 32
[  134.964837][   T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  134.971253][   T10] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80
[  134.974707][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.977182][   T10] usb 2-1: Product: syz
[  134.978737][   T10] usb 2-1: Manufacturer: syz
[  134.980276][   T10] usb 2-1: SerialNumber: syz
[  134.985939][   T10] usb 2-1: config 0 descriptor??
[  134.993981][   T10] usb 2-1: bad CDC descriptors
[  134.996939][   T10] usb 2-1: unsupported MDLM descriptors
[  135.196421][ T6837] loop3: detected capacity change from 0 to 256
[  135.213461][   T24] usb 2-1: USB disconnect, device number 7
[  135.213879][ T6837] FAT-fs (loop3): Directory bread(block 64) failed
[  135.218315][ T6837] FAT-fs (loop3): Directory bread(block 65) failed
[  135.222074][ T6837] FAT-fs (loop3): Directory bread(block 66) failed
[  135.225630][ T6837] FAT-fs (loop3): Directory bread(block 67) failed
[  135.228237][ T6837] FAT-fs (loop3): Directory bread(block 68) failed
[  135.231064][ T6837] FAT-fs (loop3): Directory bread(block 69) failed
[  135.233924][ T6837] FAT-fs (loop3): Directory bread(block 70) failed
[  135.236572][ T6837] FAT-fs (loop3): Directory bread(block 71) failed
[  135.239990][ T6837] FAT-fs (loop3): Directory bread(block 72) failed
[  135.248816][ T6837] FAT-fs (loop3): Directory bread(block 73) failed
[  136.717278][ T6863] loop3: detected capacity change from 0 to 256
[  136.949998][   T33] audit: type=1326 audit(1758564036.413:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6873 comm="syz.3.397" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455298ec29 code=0x7ffc0000
[  136.990233][   T33] audit: type=1326 audit(1758564036.413:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6873 comm="syz.3.397" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455298ec29 code=0x7ffc0000
[  136.998507][   T33] audit: type=1326 audit(1758564036.413:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6873 comm="syz.3.397" exe="/syz-executor" sig=0 arch=c000003e syscall=130 compat=0 ip=0x7f455298ec29 code=0x7ffc0000
[  137.020254][   T33] audit: type=1326 audit(1758564036.413:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6873 comm="syz.3.397" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455298ec29 code=0x7ffc0000
[  137.047791][   T33] audit: type=1326 audit(1758564036.413:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6873 comm="syz.3.397" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f455298ec29 code=0x7ffc0000
[  137.087595][ T6878] loop2: detected capacity change from 0 to 764
[  137.100947][ T6879] loop3: detected capacity change from 0 to 2048
[  137.107612][ T6879] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  137.117063][ T6879] NILFS (loop3): mounting unchecked fs
[  137.122668][ T5872] udevd[5872]: incorrect nilfs2 checksum on /dev/loop3
[  137.147667][ T6879] NILFS (loop3): recovery complete
[  137.181794][ T6880] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  137.205318][ T6881] Symlink component flag not implemented
[  137.208360][ T6881] Symlink component flag not implemented (116)
[  138.155049][ T6889] loop3: detected capacity change from 0 to 512
[  138.165932][ T6889] EXT4-fs (loop3): Test dummy encryption mode enabled
[  138.171122][ T6889] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  138.196415][ T6889] EXT4-fs error (device loop3): ext4_orphan_get:1418: comm syz.3.402: bad orphan inode 131083
[  138.206781][ T6889] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  138.404102][ T6893] loop1: detected capacity change from 0 to 4096
[  138.520464][ T6893] ntfs3(loop1): ino=1a, mi_enum_attr
[  138.522175][ T6893] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  138.796022][ T6173] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  138.940883][   T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.092667][   T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.188289][   T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.288693][   T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  139.515731][   T12] bridge_slave_1: left allmulticast mode
[  139.517420][   T12] bridge_slave_1: left promiscuous mode
[  139.524711][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  139.532723][   T12] bridge_slave_0: left allmulticast mode
[  139.534652][   T12] bridge_slave_0: left promiscuous mode
[  139.536796][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  139.595654][   T55] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  139.605586][   T55] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  139.608322][   T55] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  139.621791][   T55] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  139.625337][   T55] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  140.048024][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  140.059713][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  140.065653][   T12] bond0 (unregistering): Released all slaves
[  140.516260][   T12] hsr_slave_0: left promiscuous mode
[  140.521562][   T12] hsr_slave_1: left promiscuous mode
[  140.529242][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  140.539584][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  140.548361][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  140.553261][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  140.589372][   T12] veth1_macvtap: left promiscuous mode
[  140.592863][   T12] veth0_macvtap: left promiscuous mode
[  140.595446][   T12] veth1_vlan: left promiscuous mode
[  140.597791][   T12] veth0_vlan: left promiscuous mode
[  140.881902][ T6918] loop1: detected capacity change from 0 to 32768
[  140.917708][ T6918] XFS (loop1): DAX unsupported by block device. Turning off DAX.
[  140.948980][ T6918] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  141.100266][ T6918] XFS (loop1): Ending clean mount
[  141.204178][ T5944] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  141.475518][ T6934] loop1: detected capacity change from 0 to 256
[  141.501694][ T6934] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x18a9357c, utbl_chksum : 0xe619d30d)
[  141.582248][   T12] team0 (unregistering): Port device team_slave_1 removed
[  141.723721][   T55] Bluetooth: hci2: command tx timeout
[  141.731110][   T12] team0 (unregistering): Port device team_slave_0 removed
[  142.616529][ T6958] loop1: detected capacity change from 0 to 4096
[  142.646922][ T6913] chnl_net:caif_netlink_parms(): no params data found
[  142.702736][ T6966] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  142.906859][ T6913] bridge0: port 1(bridge_slave_0) entered blocking state
[  142.913718][ T6913] bridge0: port 1(bridge_slave_0) entered disabled state
[  142.916756][ T6913] bridge_slave_0: entered allmulticast mode
[  142.938148][   T33] audit: type=1326 audit(1758564042.373:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6977 comm="syz.1.430" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa78b78ec29 code=0x7ffc0000
[  142.954488][ T6913] bridge_slave_0: entered promiscuous mode
[  142.958101][ T6978] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3)
[  142.960854][ T6978] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  142.969546][ T6913] bridge0: port 2(bridge_slave_1) entered blocking state
[  142.975795][   T33] audit: type=1326 audit(1758564042.403:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6977 comm="syz.1.430" exe="/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fa78b790b7a code=0x7ffc0000
[  142.987907][ T6978] vhci_hcd vhci_hcd.0: Device attached
[  142.990598][ T6913] bridge0: port 2(bridge_slave_1) entered disabled state
[  142.995816][ T6913] bridge_slave_1: entered allmulticast mode
[  143.000921][   T33] audit: type=1326 audit(1758564042.403:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6977 comm="syz.1.430" exe="/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa78b78d590 code=0x7ffc0000
[  143.001805][ T6979] vhci_hcd: connection closed
[  143.011024][ T6913] bridge_slave_1: entered promiscuous mode
[  143.029644][ T5955] vhci_hcd: stop threads
[  143.032192][ T5955] vhci_hcd: release socket
[  143.033991][ T5955] vhci_hcd: disconnect device
[  143.043466][   T33] audit: type=1326 audit(1758564042.403:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6977 comm="syz.1.430" exe="/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fa78b78d6df code=0x7ffc0000
[  143.058633][   T33] audit: type=1326 audit(1758564042.463:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6977 comm="syz.1.430" exe="/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fa78b78d88a code=0x7ffc0000
[  143.078764][   T33] audit: type=1326 audit(1758564042.463:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6977 comm="syz.1.430" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa78b78ec29 code=0x7ffc0000
[  143.100808][   T33] audit: type=1326 audit(1758564042.463:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6977 comm="syz.1.430" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa78b78ec29 code=0x7ffc0000
[  143.116698][   T12] ------------[ cut here ]------------
[  143.119318][   T12] WARNING: CPU: 1 PID: 12 at net/xfrm/xfrm_state.c:3308 xfrm_state_fini+0x289/0x2f0
[  143.123715][   T12] Modules linked in:
[  143.125563][   T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) 
[  143.129975][   T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  143.134943][   T12] Workqueue: netns cleanup_net
[  143.136975][   T12] RIP: 0010:xfrm_state_fini+0x289/0x2f0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  143.140344][   T12] Code: 41 5f 5d e9 c9 57 e0 f7 e8 84 20 9c f7 90 0f 0b 90 e9 fd fd ff ff e8 76 20 9c f7 90 0f 0b 90 e9 60 fe ff ff e8 68 20 9c f7 90 <0f> 0b 90 43 80 3c 2c 00 0f 85 c7 fe ff ff e9 ca fe ff ff e8 4f 20
[  143.148430][   T12] RSP: 0018:ffffc900000f7898 EFLAGS: 00010293
[  143.151165][   T12] RAX: ffffffff8a239fa8 RBX: ffff888109410000 RCX: ffff88801c2a5640
[  143.154254][   T12] RDX: 0000000000000000 RSI: ffffffff8d9ba083 RDI: ffffffff8be33f80
[  143.157252][   T12] RBP: 0000000000000040 R08: ffffffff8fa3a737 R09: 1ffffffff1f474e6
[  143.160526][   T12] R10: dffffc0000000000 R11: fffffbfff1f474e7 R12: 1ffff11021282294
[  143.163640][   T12] R13: dffffc0000000000 R14: ffff8881094114a0 R15: ffff888020cf3900
[  143.166761][   T12] FS:  0000000000000000(0000) GS:ffff8881a3c11000(0000) knlGS:0000000000000000
[  143.170410][   T12] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  143.172917][   T12] CR2: 0000001b30920ff8 CR3: 0000000031bba000 CR4: 00000000000006f0
[  143.177156][   T12] Call Trace:
[  143.179444][   T12]  <TASK>
[  143.181206][   T12]  xfrm_net_exit+0x2d/0x70
[  143.182976][   T12]  ops_undo_list+0x49a/0x990
[  143.184890][   T12]  ? __pfx_ops_undo_list+0x10/0x10
[  143.186956][   T12]  ? do_raw_spin_unlock+0x4d/0x240
[  143.188844][   T12]  cleanup_net+0x4c5/0x800
[  143.190538][   T12]  ? __pfx_cleanup_net+0x10/0x10
[  143.192320][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  143.194399][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  143.196743][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  143.199091][   T12]  process_scheduled_works+0xae1/0x17b0
[  143.201553][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[  143.203941][   T12]  worker_thread+0x8a0/0xda0
[  143.205787][   T12]  kthread+0x711/0x8a0
[  143.207396][   T12]  ? __pfx_worker_thread+0x10/0x10
[  143.209454][   T12]  ? __pfx_kthread+0x10/0x10
[  143.211340][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  143.213372][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.216109][   T12]  ? __pfx_kthread+0x10/0x10
[  143.219038][   T12]  ret_from_fork+0x439/0x7d0
[  143.221356][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  143.223459][   T12]  ? __switch_to_asm+0x39/0x70
[  143.225474][   T12]  ? __switch_to_asm+0x33/0x70
[  143.227425][   T12]  ? __pfx_kthread+0x10/0x10
[  143.229343][   T12]  ret_from_fork_asm+0x1a/0x30
[  143.231407][   T12]  </TASK>
[  143.232636][   T12] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  143.235780][   T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT(full) 
[  143.239518][   T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  143.243547][   T12] Workqueue: netns cleanup_net
[  143.245395][   T12] Call Trace:
[  143.246748][   T12]  <TASK>
[  143.247930][   T12]  dump_stack_lvl+0x99/0x250
[  143.249721][   T12]  ? __asan_memcpy+0x40/0x70
[  143.251529][   T12]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.253889][   T12]  ? __pfx__printk+0x10/0x10
[  143.255710][   T12]  vpanic+0x281/0x750
[  143.257248][   T12]  ? __pfx__printk+0x10/0x10
[  143.259260][   T12]  ? __pfx_vpanic+0x10/0x10
[  143.260968][   T12]  ? is_bpf_text_address+0x292/0x2b0
[  143.262947][   T12]  panic+0xb9/0xc0
[  143.264968][   T12]  ? __pfx_panic+0x10/0x10
[  143.266802][   T12]  __warn+0x31b/0x4b0
[  143.268469][   T12]  ? xfrm_state_fini+0x289/0x2f0
[  143.270468][   T12]  ? xfrm_state_fini+0x289/0x2f0
[  143.272477][   T12]  report_bug+0x2be/0x4f0
[  143.274275][   T12]  ? xfrm_state_fini+0x289/0x2f0
[  143.276338][   T12]  ? xfrm_state_fini+0x289/0x2f0
[  143.278352][   T12]  ? xfrm_state_fini+0x28b/0x2f0
[  143.280196][   T12]  handle_bug+0x84/0x160
[  143.281832][   T12]  exc_invalid_op+0x1a/0x50
[  143.283636][   T12]  asm_exc_invalid_op+0x1a/0x20
[  143.285542][   T12] RIP: 0010:xfrm_state_fini+0x289/0x2f0
[  143.287720][   T12] Code: 41 5f 5d e9 c9 57 e0 f7 e8 84 20 9c f7 90 0f 0b 90 e9 fd fd ff ff e8 76 20 9c f7 90 0f 0b 90 e9 60 fe ff ff e8 68 20 9c f7 90 <0f> 0b 90 43 80 3c 2c 00 0f 85 c7 fe ff ff e9 ca fe ff ff e8 4f 20
[  143.295203][   T12] RSP: 0018:ffffc900000f7898 EFLAGS: 00010293
[  143.297562][   T12] RAX: ffffffff8a239fa8 RBX: ffff888109410000 RCX: ffff88801c2a5640
[  143.300555][   T12] RDX: 0000000000000000 RSI: ffffffff8d9ba083 RDI: ffffffff8be33f80
[  143.303712][   T12] RBP: 0000000000000040 R08: ffffffff8fa3a737 R09: 1ffffffff1f474e6
[  143.306701][   T12] R10: dffffc0000000000 R11: fffffbfff1f474e7 R12: 1ffff11021282294
[  143.309788][   T12] R13: dffffc0000000000 R14: ffff8881094114a0 R15: ffff888020cf3900
[  143.312896][   T12]  ? xfrm_state_fini+0x288/0x2f0
[  143.314807][   T12]  ? xfrm_state_fini+0x288/0x2f0
[  143.317213][   T12]  xfrm_net_exit+0x2d/0x70
[  143.318973][   T12]  ops_undo_list+0x49a/0x990
[  143.320821][   T12]  ? __pfx_ops_undo_list+0x10/0x10
[  143.322830][   T12]  ? do_raw_spin_unlock+0x4d/0x240
[  143.324751][   T12]  cleanup_net+0x4c5/0x800
[  143.326413][   T12]  ? __pfx_cleanup_net+0x10/0x10
[  143.328335][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  143.330271][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  143.332484][   T12]  ? process_scheduled_works+0x9ef/0x17b0
[  143.334644][   T12]  process_scheduled_works+0xae1/0x17b0
[  143.336743][   T12]  ? __pfx_process_scheduled_works+0x10/0x10
[  143.339177][   T12]  worker_thread+0x8a0/0xda0
[  143.341038][   T12]  kthread+0x711/0x8a0
[  143.342663][   T12]  ? __pfx_worker_thread+0x10/0x10
[  143.344711][   T12]  ? __pfx_kthread+0x10/0x10
[  143.346550][   T12]  ? _raw_spin_unlock_irq+0x23/0x50
[  143.348565][   T12]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.350559][   T12]  ? __pfx_kthread+0x10/0x10
[  143.352327][   T12]  ret_from_fork+0x439/0x7d0
[  143.354194][   T12]  ? __pfx_ret_from_fork+0x10/0x10
[  143.356135][   T12]  ? __switch_to_asm+0x39/0x70
[  143.357977][   T12]  ? __switch_to_asm+0x33/0x70
[  143.359871][   T12]  ? __pfx_kthread+0x10/0x10
[  143.361742][   T12]  ret_from_fork_asm+0x1a/0x30
[  143.363698][   T12]  </TASK>
[  143.365665][   T12] Kernel Offset: disabled
[  143.367323][   T12] Rebooting in 86400 seconds..

VM DIAGNOSIS:
18:00:42  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000000 RBX=0000000000000000 RCX=348fa78f754a4800 RDX=0000000000000000
RSI=ffffffff8172d1c2 RDI=1ffffffff1c2741c RBP=ffffffff8172d1a5 RSP=ffffc90002bcefd8
R8 =0000000000000000 R9 =0000000000000000 R10=ffffc90002bcf198 R11=ffffffff81ac4ce0
R12=0000000000000002 R13=ffffffff8e13a0e0 R14=0000000000000000 R15=0000000000000000
RIP=ffffffff819d6e21 RFL=00000202 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fd49d6c4740 ffffffff 00c00000
GS =0000 ffff8880b8611000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=000055ea2bba5000 CR3=0000000027a22000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 00ffffffffffffff
XMM02=6c696166203a7325 002f74656e2f7373 XMM03=0000000000000000 0000000000007373
XMM04=64656c696166203a 7325002f74656e2f XMM05=0032313230382f65 65692f316968702f
XMM06=0000000000000000 0000000000000000 XMM07=000000000000ff00 0000ff00000000ff
XMM08=ff00000000000000 0000000000000000 XMM09=3435313230386565 65692f6d69737768
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000031 RBX=0000000000000031 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000000000 RDI=0000000000000020 RBP=00000000000003f8 RSP=ffffc900000f7030
R8 =ffff888106dc0237 R9 =1ffff11020db8046 R10=dffffc0000000000 R11=ffffffff855006f0
R12=dffffc0000000000 R13=ffffffff99b048eb R14=ffffffff99df9460 R15=0000000000000000
RIP=ffffffff8550076c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c11000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b30920ff8 CR3=0000000031bba000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=00003000305f6576 616c735f646e6f62
XMM02=00007fffd171a9a7 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=ffff00ff00000000 0000000000000000 XMM05=0000000000000000 00007f497aa12e7b
XMM06=0000000000000000 00007f497aa12e75 XMM07=0000000000000000 00007f497aa12e89
XMM08=0000000000000000 00007f497aa12f0f XMM09=0000000000000000 00007f497aa12fed
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
