last executing test programs:

18m46.054399684s ago: executing program 2 (id=651):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x214000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r3 = socket$inet_udp(0x2, 0x2, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'team_slave_0\x00', <r5=>0x0})
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r6 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r6}, 0x18)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000200)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', r5, 0x8000, 0x700, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x67, 0x0, 0x0, 0x29, 0x0, @multicast1, @empty}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f3, &(0x7f0000000940)={'syztnl0\x00', &(0x7f0000000140)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x2, {{0x5, 0x4, 0x0, 0x24, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, @multicast1, @empty}}}})

18m43.069543243s ago: executing program 2 (id=659):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xf, &(0x7f0000000440)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
getpid()
sched_setaffinity(0x0, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x8}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020700000000000002030207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000100850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sched_switch\x00', r1}, 0x10)
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6)
write$bt_hci(r2, 0x0, 0x6)

18m40.397832318s ago: executing program 2 (id=662):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x0, {{@in6=@ipv4={'\x00', '\xff\xff', @empty}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, [@tmpl={0x44, 0x5, [{{@in6=@local, 0x0, 0x6c}, 0x0, @in=@local, 0x0, 0x5, 0x3, 0x0, 0x101}]}]}, 0xfc}}, 0x4)
bpf$MAP_GET_NEXT_KEY(0x2, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x10, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r4}, 0x0, &(0x7f0000000280)}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
sync_file_range(0xffffffffffffffff, 0x4, 0x401, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000100)={0x2, {0x2, 0x13d, 0x0, 0xd6e}})
ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, &(0x7f0000000540)={0x2, {0x2, 0x2301, 0x14ec, 0x2}})
connect$tipc(0xffffffffffffffff, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x1, {0x41, 0x4, 0x2}}, 0x10)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="020d00001000000000000000000000000800120002000200000000000000000010003c0003000000000000000000000010003300000000000000000000000000fc020000000000000000000000000000030005000000000002000000ac1414aa0000000000000000030006000000000002"], 0x80}}, 0x0)
syz_emit_ethernet(0x2c, &(0x7f0000000000)={@multicast, @multicast, @void, {@arp={0x806, @generic={0x104, 0x1e3, 0x6, 0xa, 0xa, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, "1b05b297940de2e2ea4e", @broadcast}}}}, &(0x7f0000000040)={0x1, 0x1, [0x115, 0x4c5, 0x3a9, 0x7f2]})

18m39.244918868s ago: executing program 2 (id=665):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000140)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000000}}, {@mblk_io_submit}, {@nodioread_nolock}, {@test_dummy_encryption}, {@nombcache}, {@nodelalloc}, {@minixdf}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}]}, 0x1, 0xbaf, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3ny2zftO+vIi1k0jIi2o07SSYotgKxU3LgTdCg3ppIRMP0giNWkWE/0HRF0LbgS1KF3YdTcKbt1o3VpcCEVioyCikTsfSWxmkrSd5Ibk94Mz95w5d+Z5nrlM7j0wNwHsWgPZQxpxICLOJhGF+vNpRHRXe70Rldp+C/OzI7/Pz44ksbj42i9JJBFxd352pPFeSX27rz7ojYhvX0zif++sjjs5PTM+XC6XJurjI1MXLh+ZnJ55ZuzC8PnS+dLFo8efGzo2dHzwxFDbav3jx1M3fnv85Z8qf37617Vf3/84iVPRV59bWUe7DMTA0meyUmdEDLc7WE466vWsrDPpXOdF6SYnBQBAS+mKa7hHohAdsXzxVoivvss1OQAAAKAtFjsiFgEAAIAdLrH+BwAAgB2u8TuAu/OzI42W7y8Sttad0xHRX6t/od5qM51RqW57oysi9t5NYuVtrUntZQ9tICJu/3Dii6zFJt2HvJbKXEQ82uz4J9X6+6t3ca+uP42IwTbEH7hnvN3qf7q7df2n2hA/7/oB2J1unq6dyFaf/9Kl659ocv7rbHLuehB5n/8a138Lq67/luvvaHH99+oGY1z95MMrreay+p+/8dLnjZbFz7YPVdR9uDMX8Vhns/qTpfqTFvWf3WCMwt9XSq3m8q5/8aOIQ9G8/oZk7f9PdGR0rFwarD02jTH3zdBnreLnXX92/Pe2qH+94395gzHeOHPmequ59etPf+5OXq/2uuvPvDU8NTVxNKI7eWX188fqN7S30Nin8R5Z/YefWPv736z+LESl/jlka4G5+jYbv31PzBeuXf1yrfqztV+ex//cAx7/dzcY48mv3zvcam7l+jdrWfzbSW0tDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaUT0RZIWl/ppWixG7IuI/8fetHxpcuqp0UtvXjyXzUX0R1c6OlYuDUZEoTZOsvHRan95fOye8bMRsT8iPijsqY6LI5fK5/IuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCX7IqIvkrQYEWlELBTStFjMOysAAACg7frzTgAAAADYdNb/AAAAsPNZ/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDJ9h+8eSuJiMrJPdWW6a7PdeWaGbDZ0rwTAHLTkXcCQG46804AyM19rvFdLsAOlKwz39typqftuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfR06cPNWEhGVk3uqLdNdn+tq+oqDW5gdsJnSvBMActOx1mTn1uUBbD1fcdi9mq/xgd0kWWe+d3mfyr9nejYtJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2n75qS9JiRKTVfpoWixH/iYj+6EpGx8qlwYj4b0R8X+jqycY9eScNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA201Oz4wPl8ulCR0dnXw7yfZIo9bJ+y8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5mJyeGR8ul0sTk3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORtcnpmfLhcLk1soHP9fnZe0cm7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vNPAAAA///5ZQ4Q")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

18m37.708267843s ago: executing program 2 (id=669):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000050000106a05310300000000000109022400010000800009040002090300010009210000000122000509058103"], 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r1, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

18m30.385233255s ago: executing program 2 (id=680):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000140)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000000}}, {@mblk_io_submit}, {@nodioread_nolock}, {@test_dummy_encryption}, {@nombcache}, {@nodelalloc}, {@minixdf}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}]}, 0x1, 0xbaf, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3ny2zftO+vIi1k0jIi2o07SSYotgKxU3LgTdCg3ppIRMP0giNWkWE/0HRF0LbgS1KF3YdTcKbt1o3VpcCEVioyCikTsfSWxmkrSd5Ibk94Mz95w5d+Z5nrlM7j0wNwHsWgPZQxpxICLOJhGF+vNpRHRXe70Rldp+C/OzI7/Pz44ksbj42i9JJBFxd352pPFeSX27rz7ojYhvX0zif++sjjs5PTM+XC6XJurjI1MXLh+ZnJ55ZuzC8PnS+dLFo8efGzo2dHzwxFDbav3jx1M3fnv85Z8qf37617Vf3/84iVPRV59bWUe7DMTA0meyUmdEDLc7WE466vWsrDPpXOdF6SYnBQBAS+mKa7hHohAdsXzxVoivvss1OQAAAKAtFjsiFgEAAIAdLrH+BwAAgB2u8TuAu/OzI42W7y8Sttad0xHRX6t/od5qM51RqW57oysi9t5NYuVtrUntZQ9tICJu/3Dii6zFJt2HvJbKXEQ82uz4J9X6+6t3ca+uP42IwTbEH7hnvN3qf7q7df2n2hA/7/oB2J1unq6dyFaf/9Kl659ocv7rbHLuehB5n/8a138Lq67/luvvaHH99+oGY1z95MMrreay+p+/8dLnjZbFz7YPVdR9uDMX8Vhns/qTpfqTFvWf3WCMwt9XSq3m8q5/8aOIQ9G8/oZk7f9PdGR0rFwarD02jTH3zdBnreLnXX92/Pe2qH+94395gzHeOHPmequ59etPf+5OXq/2uuvPvDU8NTVxNKI7eWX188fqN7S30Nin8R5Z/YefWPv736z+LESl/jlka4G5+jYbv31PzBeuXf1yrfqztV+ex//cAx7/dzcY48mv3zvcam7l+jdrWfzbSW0tDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaUT0RZIWl/ppWixG7IuI/8fetHxpcuqp0UtvXjyXzUX0R1c6OlYuDUZEoTZOsvHRan95fOye8bMRsT8iPijsqY6LI5fK5/IuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCX7IqIvkrQYEWlELBTStFjMOysAAACg7frzTgAAAADYdNb/AAAAsPNZ/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDJ9h+8eSuJiMrJPdWW6a7PdeWaGbDZ0rwTAHLTkXcCQG46804AyM19rvFdLsAOlKwz39typqftuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfR06cPNWEhGVk3uqLdNdn+tq+oqDW5gdsJnSvBMActOx1mTn1uUBbD1fcdi9mq/xgd0kWWe+d3mfyr9nejYtJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2n75qS9JiRKTVfpoWixH/iYj+6EpGx8qlwYj4b0R8X+jqycY9eScNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA201Oz4wPl8ulCR0dnXw7yfZIo9bJ+y8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5mJyeGR8ul0sTk3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORtcnpmfLhcLk1soHP9fnZe0cm7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vNPAAAA///5ZQ4Q")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

18m15.209899098s ago: executing program 32 (id=680):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r3}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000140)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000000}}, {@mblk_io_submit}, {@nodioread_nolock}, {@test_dummy_encryption}, {@nombcache}, {@nodelalloc}, {@minixdf}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}]}, 0x1, 0xbaf, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3ny2zftO+vIi1k0jIi2o07SSYotgKxU3LgTdCg3ppIRMP0giNWkWE/0HRF0LbgS1KF3YdTcKbt1o3VpcCEVioyCikTsfSWxmkrSd5Ibk94Mz95w5d+Z5nrlM7j0wNwHsWgPZQxpxICLOJhGF+vNpRHRXe70Rldp+C/OzI7/Pz44ksbj42i9JJBFxd352pPFeSX27rz7ojYhvX0zif++sjjs5PTM+XC6XJurjI1MXLh+ZnJ55ZuzC8PnS+dLFo8efGzo2dHzwxFDbav3jx1M3fnv85Z8qf37617Vf3/84iVPRV59bWUe7DMTA0meyUmdEDLc7WE466vWsrDPpXOdF6SYnBQBAS+mKa7hHohAdsXzxVoivvss1OQAAAKAtFjsiFgEAAIAdLrH+BwAAgB2u8TuAu/OzI42W7y8Sttad0xHRX6t/od5qM51RqW57oysi9t5NYuVtrUntZQ9tICJu/3Dii6zFJt2HvJbKXEQ82uz4J9X6+6t3ca+uP42IwTbEH7hnvN3qf7q7df2n2hA/7/oB2J1unq6dyFaf/9Kl659ocv7rbHLuehB5n/8a138Lq67/luvvaHH99+oGY1z95MMrreay+p+/8dLnjZbFz7YPVdR9uDMX8Vhns/qTpfqTFvWf3WCMwt9XSq3m8q5/8aOIQ9G8/oZk7f9PdGR0rFwarD02jTH3zdBnreLnXX92/Pe2qH+94395gzHeOHPmequ59etPf+5OXq/2uuvPvDU8NTVxNKI7eWX188fqN7S30Nin8R5Z/YefWPv736z+LESl/jlka4G5+jYbv31PzBeuXf1yrfqztV+ex//cAx7/dzcY48mv3zvcam7l+jdrWfzbSW0tDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaUT0RZIWl/ppWixG7IuI/8fetHxpcuqp0UtvXjyXzUX0R1c6OlYuDUZEoTZOsvHRan95fOye8bMRsT8iPijsqY6LI5fK5/IuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCX7IqIvkrQYEWlELBTStFjMOysAAACg7frzTgAAAADYdNb/AAAAsPNZ/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDJ9h+8eSuJiMrJPdWW6a7PdeWaGbDZ0rwTAHLTkXcCQG46804AyM19rvFdLsAOlKwz39typqftuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfR06cPNWEhGVk3uqLdNdn+tq+oqDW5gdsJnSvBMActOx1mTn1uUBbD1fcdi9mq/xgd0kWWe+d3mfyr9nejYtJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2n75qS9JiRKTVfpoWixH/iYj+6EpGx8qlwYj4b0R8X+jqycY9eScNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA201Oz4wPl8ulCR0dnXw7yfZIo9bJ+y8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5mJyeGR8ul0sTk3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORtcnpmfLhcLk1soHP9fnZe0cm7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vNPAAAA///5ZQ4Q")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

12.487140577s ago: executing program 1 (id=3266):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
syz_emit_ethernet(0x46, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000002c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r7, {0x4, 0xa}, {}, {0xfff2, 0xc}}, [@filter_kind_options=@f_bpf={{0x8}, {0x28, 0x2, [@TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x2}, @TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_CLASSID={0x8, 0x3, {0x8, 0xb}}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804)

11.863593357s ago: executing program 3 (id=3269):
r0 = socket$packet(0x11, 0x3, 0x300)
pipe2$9p(0x0, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e"], 0x15)
r1 = dup(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x1c, 0x10, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000cfb30000000000000001000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf09000000000000550901000000000095000000000000006167800008000000bf91000000000000b7020000020000008500000085000000b7000000008a2b3a4cda0db7b1ead0fe"], &(0x7f0000000000)='GPL\x00', 0x1000, 0x1000, &(0x7f0000000840)=""/4096, 0x41100, 0xa, '\x00', 0x0, @fallback=0x17, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x0, 0xf, 0x10000, 0x3ff}, 0x10, 0x0, 0xffffffffffffffff, 0x4, &(0x7f00000005c0)=[r1, 0xffffffffffffffff, 0xffffffffffffffff, r1, r1, r1, r1, r1], &(0x7f0000000600)=[{0x3, 0x2, 0x1}, {0x5, 0x4, 0xc, 0x15}, {0x4, 0x5, 0xc, 0x3}, {0x0, 0x2, 0xf}], 0x10, 0xe32}, 0x94)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf96b2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000ddffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000300)='sched_switch\x00', r5}, 0x10)
socket(0x10, 0x803, 0x0)
r6 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r6, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r6, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000000140)={0x0, 0x0}, 0x10)
sendto$inet(r6, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
r7 = socket$nl_route(0x10, 0x3, 0x0)
r8 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r8, &(0x7f0000000140)={0x11, 0x0, <r9=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="4c000000100039042abd70000000000000000000", @ANYRES32=r9, @ANYBLOB="01180200031100002c0012800e00010069703665727370616e0000001800028008001500a8bc0d00040012"], 0x4c}}, 0x0)
sendto$packet(r0, &(0x7f0000000480)="7eeb99b6f78c67515ea2f0d01d76", 0xe, 0x0, &(0x7f0000000140)={0x11, 0x86c2, r9, 0x1, 0x6, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, 0x14)

11.280281816s ago: executing program 1 (id=3273):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x214000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
r5 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000040)={'team_slave_0\x00', <r6=>0x0})
sched_setscheduler(0x0, 0x1, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000200)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', r6, 0x8000, 0x700, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x67, 0x0, 0x0, 0x29, 0x0, @multicast1, @empty}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r4, 0x89f3, &(0x7f0000000940)={'syztnl0\x00', &(0x7f0000000140)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x2, {{0x5, 0x4, 0x0, 0x24, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, @multicast1, @empty}}}})
r7 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r7, &(0x7f0000000080)={0x24, @short={0x2, 0x0, 0xfffd}}, 0x14)
r8 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r8, &(0x7f00000000c0)={0xa, 0x0, 0xfffffffe, @local, 0x1}, 0x1c)
sendmmsg(r8, &(0x7f0000000480), 0x2e9, 0x0)

9.68937809s ago: executing program 3 (id=3277):
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@uuid_on}, {@index_off}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@xino_on}], [], 0x2c})

9.67151013s ago: executing program 1 (id=3278):
socket$inet6(0xa, 0x3, 0x3c)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
pwritev(r2, &(0x7f0000000600)=[{&(0x7f0000000240)="02000000", 0x4}, {&(0x7f00000008c0)="f697079a161cfb7502fbbdcda76933ddd0c2", 0x12}], 0x2, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7)
rt_sigsuspend(0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$nl_audit(0x10, 0x3, 0x9)
bind$netlink(r6, &(0x7f00000007c0)={0x10, 0x0, 0x25dfdbfd, 0x8000000}, 0xc)
r7 = socket$nl_audit(0x10, 0x3, 0x9)
bind$netlink(r7, &(0x7f00000007c0)={0x10, 0x0, 0x25dfdbfd, 0xfddbdf25}, 0xc)

9.668922971s ago: executing program 3 (id=3279):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000a80)={{r3}, &(0x7f0000000a00), &(0x7f0000000400)=r2}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000900)={{r3}, &(0x7f0000000880), &(0x7f00000008c0)=r2}, 0x20)

9.543159203s ago: executing program 3 (id=3281):
r0 = socket(0x10, 0x3, 0x0)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r2, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r4}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10)
bind$tipc(r1, 0x0, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=@newlink={0x38, 0x10, 0x403, 0x6101, 0x0, {0x0, 0x0, 0x0, 0x0, 0x56760003ded1ddd3}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_VTI_LOCAL={0x8, 0x4, @rand_addr=0xc0000200}]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0x10)

7.967045467s ago: executing program 1 (id=3285):
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000007110110000000000950a008000000000e8b6579ddee9ca80fa107a2a4ec3fc29eb3400fe00456b00f4161d817bc2897f8a7db7c8c936199e5ae2bafb43744e85f5bcd2f6de240f399962f2be99bb117d42323f375fc363f90af49b85a70a9bd68593a990434d57e9a1f209a1223adedfd9111767c0b2e0d71377580da2796348c08d2d54f20dc9a6e39d6e0e2a1c5f1b27ad518bafd921a914"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x80)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b000000000000000000000000000400", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x513, &(0x7f0000000c40)="$eJzs3W9rJHcdAPDvTLJp7i41WxU5C7bFVu6K3m7S2DaKtBVEHxXU+jzGZBNCNtmQ3dRLKJriCxBEVPAF+ETwBQjSlyDCgT4XFUX0Th/qjczuRPNnN1mSTfbcfD4w2d9v/n2/vyE7O39+zARwbb0QEW9FxFhEvBwR08X4tBgW8sp+Z75HD99byocksuydvyWRFOMO1pXXxyPiVmeRmIyIr38l4lvJybjN3b31xXq9tl3Uq62NrWpzd+/e2sbiam21tjk3N/va/Ovzr87PZIULtbMcEW986U8/+v7PvvzGrz7z7d8v/OXud/K0vvCxTt4RsXShAD101l1qb4sD+TbavoxgQ5K3pzQ27CwAAOhHfoz/4Yj4ZPv4fzrG2kdzAAAAwCjJ3pyKfyURGQAAADCy0oiYiiStFH0BpiJNK5VOH96Pxs203mi2Pr3S2NlczqdFlKOUrqzVazNFX+FylJK8Plv0sT2ov3KsPhcRz0TED6dvtOuVpUZ9edgXPwAAAOCauPX80fP/f06n7TIAAAAwYso9KwAAAMCocMoPAAAAo8/5PwAAAIy0r779dj5kB+/xXn53d2e98e695VpzvbKxs1RZamxvVVYbjdX2M/s2zlpfvdHY+mxs7tyvtmrNVrW5u7ew0djZbC2sHXkFNgAAAHCFnnn+g98lEbH/+RvtIYrnAAIc8cdhJwAM0tiwEwCGZnzYCQBDUzpzDnsIGHXJGdNPdt7pXCuMX19OPgAAwODd+fjJ+/8TxbSzrw0A/8/09QGA68fdPbi+SuftAXh70JkAw/KhzsdTvab3fHhHH/f/O9cYsuxciQEAAAMz1R6StFIcp09FmlYqEU+3XwtQSlbW6rWZ4vzgt9Olp/L6bHvJ5Mw+wwAAAAAAAAAAAAAAAAAAAAAAAABAR5YlkQEAAAAjLSL9c9J+mn/EnemXpo5eHTj21q+fvvPj+4ut1vZsxETy9+l81EREtH5SjH8l80oAAAAAeAJ0ztOLz9lhZwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn08L2lg+Eq4/71ixFR7hZ/PCbbn5NRioib/0hi/NBySUSMDSD+/vsRcbtb/CQeZ1lWLrLoFv/GJccvtzdN9/hpRNwaQHy4zj7I9z9vdfv+pfFC+7P792+8GC6q9/4v/e/+b6zH/ufpY/Venn3wi2rP+O9HPDveff9zED/pxD8SIq+82Gcbv/mNvb2uEw6tslv8w7GqrY2tanN3797axuJqbbW2OTc3+9r86/Ovzs9UV9bqteJv1zA/+MQvH5/W/ps94pePtv/E9n+pr9Zn8e8H9x9+pFMpdYt/98Xuv7+3e8RPi9++TxXlfPqdg/J+p3zYcz//zXOntX+5R/snz2j/3b7aH597+Wvf+0PXKSe2BgBwFZq7e+uL9Xpt+5TCZB/zXHHhzScjjQEW4slIY1iF7Lud/8eLreeCi58oZBdZfDwGkMbEie/pWJx3hUnEfr6uPv8hAQCAEfO/g/7T7iABAAAAAAAAAAAAAAAAAAAAl+mcjyWbjIi+Zz4ec384TQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAONV/AgAA//8FStFZ")
socket$vsock_stream(0x28, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fsopen(0x0, 0x0)
r3 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
socket(0x27, 0x3, 0x3a)
ftruncate(r3, 0x2007ffb)
sendfile(r3, r3, 0x0, 0x1000000201005)

7.948112797s ago: executing program 3 (id=3287):
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000007110110000000000950a008000000000e8b6579ddee9ca80fa107a2a4ec3fc29eb3400fe00456b00f4161d817bc2897f8a7db7c8c936199e5ae2bafb43744e85f5bcd2f6de"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x94)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
pselect6(0x40, &(0x7f0000000300)={0x7, 0xffffffffffffff98, 0x5, 0x7, 0x6, 0x8, 0x8, 0x3}, &(0x7f0000000100)={0x4, 0x100000001, 0x200, 0x9, 0x7, 0x7, 0x7ff, 0x1}, &(0x7f0000000140)={0x80000004, 0x0, 0x7, 0x100000000, 0x7f, 0xea2, 0xf39c, 0x9e8b}, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={[0x7]}, 0x8})
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b000000000000000000000000000400", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7020000140000e5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x513, &(0x7f0000000c40)="$eJzs3W9rJHcdAPDvTLJp7i41WxU5C7bFVu6K3m7S2DaKtBVEHxXU+jzGZBNCNtmQ3dRLKJriCxBEVPAF+ETwBQjSlyDCgT4XFUX0Th/qjczuRPNnN1mSTfbcfD4w2d9v/n2/vyE7O39+zARwbb0QEW9FxFhEvBwR08X4tBgW8sp+Z75HD99byocksuydvyWRFOMO1pXXxyPiVmeRmIyIr38l4lvJybjN3b31xXq9tl3Uq62NrWpzd+/e2sbiam21tjk3N/va/Ovzr87PZIULtbMcEW986U8/+v7PvvzGrz7z7d8v/OXud/K0vvCxTt4RsXShAD101l1qb4sD+TbavoxgQ5K3pzQ27CwAAOhHfoz/4Yj4ZPv4fzrG2kdzAAAAwCjJ3pyKfyURGQAAADCy0oiYiiStFH0BpiJNK5VOH96Pxs203mi2Pr3S2NlczqdFlKOUrqzVazNFX+FylJK8Plv0sT2ov3KsPhcRz0TED6dvtOuVpUZ9edgXPwAAAOCauPX80fP/f06n7TIAAAAwYso9KwAAAMCocMoPAAAAo8/5PwAAAIy0r779dj5kB+/xXn53d2e98e695VpzvbKxs1RZamxvVVYbjdX2M/s2zlpfvdHY+mxs7tyvtmrNVrW5u7ew0djZbC2sHXkFNgAAAHCFnnn+g98lEbH/+RvtIYrnAAIc8cdhJwAM0tiwEwCGZnzYCQBDUzpzDnsIGHXJGdNPdt7pXCuMX19OPgAAwODd+fjJ+/8TxbSzrw0A/8/09QGA68fdPbi+SuftAXh70JkAw/KhzsdTvab3fHhHH/f/O9cYsuxciQEAAAMz1R6StFIcp09FmlYqEU+3XwtQSlbW6rWZ4vzgt9Olp/L6bHvJ5Mw+wwAAAAAAAAAAAAAAAAAAAAAAAABAR5YlkQEAAAAjLSL9c9J+mn/EnemXpo5eHTj21q+fvvPj+4ut1vZsxETy9+l81EREtH5SjH8l80oAAAAAeAJ0ztOLz9lhZwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn08L2lg+Eq4/71ixFR7hZ/PCbbn5NRioib/0hi/NBySUSMDSD+/vsRcbtb/CQeZ1lWLrLoFv/GJccvtzdN9/hpRNwaQHy4zj7I9z9vdfv+pfFC+7P792+8GC6q9/4v/e/+b6zH/ufpY/Venn3wi2rP+O9HPDveff9zED/pxD8SIq+82Gcbv/mNvb2uEw6tslv8w7GqrY2tanN3797axuJqbbW2OTc3+9r86/Ovzs9UV9bqteJv1zA/+MQvH5/W/ps94pePtv/E9n+pr9Zn8e8H9x9+pFMpdYt/98Xuv7+3e8RPi9++TxXlfPqdg/J+p3zYcz//zXOntX+5R/snz2j/3b7aH597+Wvf+0PXKSe2BgBwFZq7e+uL9Xpt+5TCZB/zXHHhzScjjQEW4slIY1iF7Lud/8eLreeCi58oZBdZfDwGkMbEie/pWJx3hUnEfr6uPv8hAQCAEfO/g/7T7iABAAAAAAAAAAAAAAAAAAAAl+mcjyWbjIi+Zz4ec384TQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAONV/AgAA//8FStFZ")
socket$vsock_stream(0x28, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fsopen(0x0, 0x0)
r5 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
socket(0x27, 0x3, 0x3a)
r6 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r6, &(0x7f0000001200)={0x0, 0x0, 0x0}, 0x0)
ftruncate(r5, 0x2007ffb)
sendfile(r5, r5, 0x0, 0x1000000201005)

7.847203049s ago: executing program 5 (id=3289):
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x214000, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r4, 0x89f1, &(0x7f0000000200)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x8000, 0x700, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x1, 0x14, 0x67, 0x0, 0x0, 0x29, 0x0, @multicast1, @empty}}}})
ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r4, 0x89f3, &(0x7f0000000940)={'syztnl0\x00', &(0x7f0000000140)={'ip_vti0\x00', 0x0, 0x0, 0x0, 0x0, 0x2, {{0x5, 0x4, 0x0, 0x24, 0x14, 0x0, 0x0, 0xfe, 0x0, 0x0, @multicast1, @empty}}}})
r5 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r5, &(0x7f0000000080)={0x24, @short={0x2, 0x0, 0xfffd}}, 0x14)
r6 = socket$inet6(0xa, 0x3, 0x7)
connect$inet6(r6, &(0x7f00000000c0)={0xa, 0x0, 0xfffffffe, @local, 0x1}, 0x1c)
sendmmsg(r6, &(0x7f0000000480), 0x2e9, 0x0)

6.49291404s ago: executing program 0 (id=3290):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@uuid_on}, {@index_off}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@xino_on}], [], 0x2c})

6.48920519s ago: executing program 4 (id=3291):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000040000000800000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000200)='qdisc_reset\x00', r1}, 0x10)
r2 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', <r3=>0x0})
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000005a40)=ANY=[@ANYBLOB="b400000010000904000000000000000000002200", @ANYBLOB="fffffffed9526cfd8400128009000100766c616e000000007400028006000100000600000c000200367da1650e000000280003800c00010001800000002000000c000100a1000000c84200000c0001000800000008000000340004800c00010006000000ff0300000c00010004000000080000000c00010004000000020000000c000100050000000300000008000500", @ANYRES32=r3, @ANYBLOB='\b\x00\n\x00', @ANYRESOCT], 0xb4}}, 0x0)

6.285934313s ago: executing program 4 (id=3292):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f00000005c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
fchdir(r6)
r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
ftruncate(r7, 0x2007ffb)
sendfile(r7, r7, 0x0, 0x739ec272)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
openat(0xffffffffffffff9c, 0x0, 0x1c1002, 0x0)

6.244151634s ago: executing program 0 (id=3293):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0}, 0x94)
r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x0)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000004c0)={r0, r2, 0x1, 0x0, @val=@perf_event={0x5}}, 0x41)
syz_emit_ethernet(0x4e, &(0x7f0000000780)={@local, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00 \x00', 0x18, 0x3a, 0xff, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @local, {[], @mld={0x187, 0x0, 0x0, 0x0, 0x0, @local}}}}}}, 0x0)

6.229148014s ago: executing program 0 (id=3294):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000006c0)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
r3 = socket(0x1e, 0x80004, 0x0)
r4 = socket(0x1e, 0x4, 0x0)
r5 = dup3(r4, r3, 0x0)
getsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, 0x0, 0x0)
recvmmsg(r5, &(0x7f0000004580)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000600)=""/179, 0x3514}], 0x1}, 0xffffffff}], 0x1, 0x40000001, 0x0)
bind$inet6(r2, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r2, 0x3)
syz_emit_ethernet(0x36, &(0x7f0000000380)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x0, 0x0, 0x1}}}}}}, 0x0)

6.216079904s ago: executing program 5 (id=3295):
socket$inet6(0xa, 0x3, 0x3c)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
pwritev(r2, &(0x7f0000000600)=[{&(0x7f0000000240)="02000000", 0x4}, {&(0x7f00000008c0)="f697079a161cfb7502fbbdcda76933ddd0c2", 0x12}], 0x2, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7)
rt_sigsuspend(0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$nl_audit(0x10, 0x3, 0x9)
bind$netlink(r6, &(0x7f00000007c0)={0x10, 0x0, 0x25dfdbfd, 0x8000000}, 0xc)
r7 = socket$nl_audit(0x10, 0x3, 0x9)
bind$netlink(r7, &(0x7f00000007c0)={0x10, 0x0, 0x25dfdbfd, 0xfddbdf25}, 0xc)

4.897395454s ago: executing program 1 (id=3296):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r0, 0x0, 0x8000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000000000800000000000", @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRES32], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000020000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x18)
lgetxattr(&(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000001740)=""/4096, 0x1000)
syz_clone(0x148c5400, &(0x7f0000000880), 0x0, 0x0, &(0x7f0000000380), &(0x7f0000000540)="61c88661dd7c5dd749efb9a0f3f5f0953c36edc9891cb93ee9e451daa28b781ca49ecafc7d52b0834e60c857")
sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x0)
syz_open_dev$usbfs(0x0, 0x20000007d, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r8=>0x0})
socket$netlink(0x10, 0x3, 0x61d2b664bdca8124)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@getchain={0x2c, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xfff3}}, [{0x8, 0xb, 0x1}]}, 0x2c}}, 0x0)

4.889679505s ago: executing program 0 (id=3297):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './bus\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x94)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94)
fstat(0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x86, &(0x7f0000000540)=ANY=[@ANYBLOB], 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000a80)={{{@in6=@ipv4={""/10, ""/2, @loopback}, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}}, {{@in=@initdev}, 0x0, @in6}}, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b0000000500000008040000cd00000001"], 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00'}, 0x10)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000d80)={[], [{@fsmagic={'fsmagic', 0x3d, 0xe4a3}}, {@rootcontext={'rootcontext', 0x3d, 'unconfined_u'}}, {@subj_role={'subj_role', 0x3d, '@\\!/./.\xc5:'}}, {@fsname={'fsname', 0x3d, 'nogrpid'}}, {@subj_type={'subj_type', 0x3d, 'discard'}}, {@fsmagic={'fsmagic', 0x3d, 0x7}}, {@euid_gt={'euid>', 0xffffffffffffffff}}, {@uid_lt={'uid<', r5}}, {@dont_appraise}, {@smackfsdef={'smackfsdef', 0x3d, 'iso8859-1'}}, {@obj_role={'obj_role', 0x3d, '$!\xf4'}}, {@dont_hash}]}, 0x0, 0x14f5, &(0x7f0000001580)="$eJzs3AuYjlXXOPC99t43Y5r0NMlh2GuvmycNtkmSHBJySJIkSXJKSJokSUgMOSUNSchxkhyGkBymMWmcz4eckyavNEkSklPY/0vv+33e9+v9vr7v//b/u65v1u+69jV7zf2s9ax71lzz3PdzXfP80HNUvRb1azcjIvEvgb9+SRFCxAghhgkhbhBCBEKISvGV4q8cL6Ag5V97EvbnejT9WnfAriWef97G88/beP55G88/b+P55208/7yN55+38fwZy8u2zyl2I6+8u/j9/7yMX///F8ktP/mbjeVv7vU/SOH55208/7yN55+38fzzNp5/3sbz/9+v1n9xjOeft/H8GcvLrvX7z7yu7brWv3+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxvKGc/4qLYT4t/217osxxhhjjDHGGGN/Hp//WnfAGGOMMcYYY4yx//dASKGEFoHIJ/KLGFFAxIrrRJy4XhQUN4iIuFHEi5tEIXGzKCyKiKKimEgQxUUJYQQKK0iEoqQoJaLiFlFa3CoSRRlRVpQTTpQXSeI2UUHcLiqKO0QlcaeoLO4SVURVUU1UF3eLGuIeUVPUErXFvaKOqCvqifriPtFA3C8aigdEI/GgaCweEk3Ew6KpeEQ0E4+K5uIx0UI8LlqKJ0Qr0Vq0EW1Fu/+r/FdEX/Gq6Cf6ixQxQAwUr4lBYrAYIoaKYeJ1MVy8IUaIN0WqGClGibfEaPG2GCPeEWPFODFevCsmiIlikpgspoipIk28J6aJ98V08YGYIWaKWWK2SBdzxFzxoZgn5osF4iOxUHwsFonFYolYKjLEJyJTLBNZ4lOxXHwmssUKsVKsEqvFGrFWrBPrxQaxUWwSm8UWsVVsE9vF52KH2Cl2id1ij9gr9okvxH7xpTggvhI54uv/Yf7Z/5DfCwQIkCBBg4Z8kA9iIAZiIRbiIA4KQkGIQATiIR4KQSEoDIWhKBSFBEiAElACEBAICEpCSYhCFEpDaUiERCgLZcGBgyRIggpwO1SEilAJKkFlqAxVoCpUhepQHWpADagJNaE21IY6UAfqQT24D+6D+6EhNIRG0AgaQ2NoAk2gKTSFZtAMmkNzaAEtoCW0hFbQCtpAG2gH7aA9tIcO0AE6QSfoDJ2hC3SBZEiGrtAVukE36A7doQf0gJ7QE3pBb+gNr8Ar8Cq8Cv2hjhwAA2EgDIJBMASGwlB4HYbDG/AGvAmpMBJGwVvwFrwNY+AMjIVxMB7GQw05ESbBZCA5FdIgDabBNJgO02EGzISZMBvSYQ7MhbkwD+bDfPgIFsLH8DEshsWwFDIgAzJhGWRBFiyHs5ANK2AlrILVsAZWwzpYD+tgI2yCjbAFtsA22Aafw+ewE3bCbtgNe2EvfAFfwJfwJaRCDuTAQTgIh+AQHIbDkAu5cASOwFE4CsfgGByH43ACTsIpOAmn4TScgbNwDs7BBbgAF+GlhO+a7y2zIVXIK7TUMp/MJ2NkjIyVsTJOxsmCsqCMyIiMl/GykCwkC8vCsqgsKhNkgiwhS0iUKEmGsqQsKaMyKkvL0jJRJsqysqx00skkmSQryAqyoqwoK8k7ZWV5l6wiq8qOrrqsLmvITq6mrCVry9qyjqwr68n6sr5sIBvIhrKhbCQbycaysWwiH5ZN5QAYAo/KK5NpIUdCSzkKWsnWso1sK9+GJ2V7OQY6yI6yk3xajoOx0EW2d8nyOdlVToJu8gU5GV6UPeRU6Clflr1kb9lHviL7yg6un+wvZ8AAOVDOhkFysBwih8p5UFdemVg9+aZMlSPlKPmWXApvyzHyHTlWjpPj5btygpwoJ8nJcoqcKtPke3KafF9Olx/IGXKmnCVny3Q5R86VH8p5cr5cID+SC+XHcpFcLJfIpTJDfiIz5TKZJT+Vy+VnMluukCvlKrlarpFr5Tq5Xm6QG+UmuVlukVvlNrldfi53yJ1yl9wt98i9cp/8Qu6XX8oD8iuZI7+WB+Vf5CH5jTwsv5W58jt5RH4vj8of5DH5ozwuf5In5El5Sv4sT8tf5Bl5Vp6T5+UF+au8KC/Jy9JLoUBJpZRWgcqn8qsYVUDFqutUnLpeFVQ3qIi6UcWrm1QhdbMqrIqooqqYSlDFVQllFCqrSIWqpCqlouoWVVrdqhJVGVVWlVNOlVdJ6jZVQd2uKqo7VCV1p6qs7lJVVFVVTVVXd6sa6h5VU9VStdW9qo6qq+qp+uo+1UDdrxqqB1Qj9aBqrB5STdTDqql6RDVTj6rm6jHVQj2uWqonVCvVWrVRbVU79aRqr55SHVRH1Uk9rTqrZ1QX9axKVs+prup51U29oLqrF1UP9ZLqqV5WvVRv1UddUpeVV/1Uf5WiBqiB6jU1SA1WQ9RQNUy9roarN9QI9aZKVSPVKPWWGq3eVmPUO2qsGqfGq3fVBDVRTVKT1RQ1VaWp99Q09b6arj5QM9RMNUvNVulqjhryt0oL/hv57/+T/BG/Pfs2tV19rnaonWqX2q32qL1qn9qn9qv96oA6oHJUjjqoDqpD6pA6rA6rXJWrjqgj6qg6qo6pY+q4Oq5OqJPqvPpZnVa/qDPqrDqrzqsL6oK6+LefgdCgpVZa60Dn0/l1jC6gY/V1Ok5frwvqG3RE36jj9U26kL5ZF9ZFdFFdTCfo4rqENhq11aRDXVKX0lF9iy6tb9WJuowuq8tpp8vrJH3bv5z/R/210+10e91ed9AddCfdSXfWnXUX3UUn62TdVXfV3XQ33V131z10D91T99S9dC/dR/fRfXVf3U/30yk6RQ/Ur+lBerAeoofqYfp1PVwP1yP0CJ2qU/UoPUqP1qP1GD1Gj9Vj9Xg9Xk/QE/QkPUlP0VN0mk7T0/Q0PV1P1zP0DD1Lz9LpOl3P1XP1PD1PL9AL9EK9UC/Si/QSvURn6AydqTN1ls7Sy/Vyna1X6BV6lV6l1+g1ep1epzfoDXqT3qS36C06W2/X2/UOvUPv0rv0Hr1H79P79H69Xx/QB3SOztEH9UF9SB/Sh/Vhnatz9RF9RB/VR/UxfUwf18f1CX1Cn9Kn9Gl9Wp/RZ/Q5fU5f0Bf0RX1RX9aXr1z2BTKQgQ50kC/IF8QEMUFsEBvEBXFBwaBgEAkiQXwQHxQKbg4KB0WCokGxICEoHpQITICBDSgIg5JBqSAa3BKUDm4NEoMyQdmgXOCC8kFScFtQIbg9qBjcEVQK7gwqB3cFVYKqQbWgenB3UCO4J6gZ1ApqB/cGdYK6Qb2gfnBf0CC4P2gYPBA0Ch4MGgcPBU2Ch4OmwSNBs+DRoHnwWNAieDxoGTwRtApaB22CtkG7P7W+92eKPOX6mf4mxQwwA81rZpAZbIaYoWaYed0MN2+YEeZNk2pGmlHmLTPavG3GmHfMWDPOjDfvmglmoplkJpspZqpJM++ZaeZ9M918YGaYmWaWmW3SzRwz13xo5pn5ZoH5yCw0H5tFZrFZYpaaDPOJyTTLTJb51Cw3n5lss8KsNKvMarPGrDXrzHqzwWw0m8xms8VsNdvMdvO52WF2ml1mt9lj9pp95guz33xpDpivTI752hw0fzGHzDfmsPnW5JrvzBHzvTlqfjDHzI/muPnJnDAnzSnzszltfjFnzFlzzpw3F8yv5qK5ZC4bf+Xi/srLO2rUmA/zYQzGYCzGYhzGYUEsiBGMYDzGYyEshIWxMBbFopiACVgCS+AVhIQlsSRGMYqlsTQmYiKWxbLo0GESJmEFrIAVsSJWwkpYGStjFayC1bAa3o134z14D9bCWngv3ot1sS7Wx/rYABtgQ2yIjbARNsbG2ASbYFNsis2wGTbH5tgCW2BLbImtsBW2wTbYDtthe2yPHbADdsJO2Bk7YxfsgsmYjF2xK3bDbtgdu2MP7IE9sSf2wl7YB/tgX+yL/bAfpmAKDsSBOAgH4RAcgsNwGA7H4TgCR2AqpuIoHIWjcTSOwTE4FsfheHwXJ+BEnISTcQpOxTRMw2k4DafjdJyBM3AWzsJ0TMe5OBfn4TxcgAtwIS7ERbgIl+ASzMAMzMRMzMIsXI7LMRuzcSWuxNW4GtfiWlyP63EjbsTNuBm34lbcjttxB+7AXbgL9+Ae3If7cD/uxwN4AHMwBw/iQTyEh/AwHsZczMUjeASP4lE8hsfwOB7HE3gCT+EpPI2n8QyewXN4Di/gr3gRL+Fl9BhjpYi119k4e70taG+wMbaA/fu4qC1mE2xxW8IaW9gW+YcYrbWJtowta8tZZ8vbJHvb7+IqtqqtZqvbu20Ne4+t+bu4gb3fNrQP2Eb2QVvf3vcPcWP7kG1iH7dN7RO2mW1tm9u2toV93La0T9hWtrVtY9vazvYZ28U+a5Ptc7arff53caZdZtfbDXaj3WT32y/tOXveHrU/2Av2V9vP9rfD7Ot2uH3DjrBv2lQ78nfxePuunWAn2kl2sp1ip/4unmVn23Q7x861H9p5dv7v4gz7iV1os+wiu9gusUt/i6/0lGU/tcvtZzbbrrAr7Sq72q6xa+26f+91ld1it9ptdp/9wu6wO+0uu9vusXt/i6+cxwH7lc2xX9sj9nt7yH5jD9tjNtd+91t85fyO2R/tcfuTPWFP2lP2Z3va/mLP2LO/nf+Vc//ZXrKXrbeCgCQp0hRQPspPMVSAYuk6iqPrqSDdQBG6keLpJipEN1NhKkJFqRglUHEqQYaQLBGFVJJKUZRuodJ0KyVSGSpL5chReUqi26gC3U4V6Q6qRHdSZbqLqlBVqkbV6W6qQfdQTapFteleqkN1qR7Vp/uoAd1PDekBakQPUmN6iJrQw9SUHqFm9Cg1p8eoBT1OLekJakWtqQ21pXb0JLWnp6gDdaRO9DR1pmeoCz1LyfQcdaXnqRu9QN3pRepBL1FPepl6UW/qQ69QX3qV+lF/SqEBNJBeo0E0mIbQUBpGr9NweoNG0JuUSiNpFL1Fo+ltGkPv0FgaR+PpXZpAE2kSTaYpNJXS6D2aRu/TdPqAZtBMmkWzKZ3m0Fz6kObRfFpAH9FC+pgW0WJaQkspgz6hTFpGWfQpLafPKJtW0EpaRatpDa2ldbSeNtBG2kSbaQttpW20nT6nHbSTdtFu2kN7aR99QfvpSzpAX1EOfU0H6S90iL6hw/Qt5dJ3dIS+p6P0Ax2jH+k4/UQn6CSdop/pNP1CZ+gsnaPzdIF+pYt0iS6TJxFCKEMV6jAI84X5w5iwQBgbXhfGhdeHBcMbwkh4Yxgf3hQWCm8OC4dFwqJhsTAhLB6WCE2IoQ0pDMOSYakwGt4Slg5vDRPDMmHZsFzowvJhUnhbWCG8PawY3hFWCu8MK4d3hVXCquHjD1YP7w5rhPeENcNaYe3w3rBOWDesF9YP7wsbhPeHDcMHwkbhg2HF8KGwSfhw2DR8JGwWPho2Dx8LW4SPhy3DJ8JWYeuwTdg2bBc+GbYPnwo7hB3DTuHTYefwmbBL+GyYHD4Xdg2f/8PjKeGAcGD4Wvha6P0Dakl0aTQj+kk0M7osmhX9NLo8+lk0O7oiujK6Kro6uia6Nrouuj66Iboxuim6ObolujW6Lep9/fzCgZNOOe0Cl8/ldzGugIt117k4d70r6G5wEXeji3c3uULuZlfYFXFFXTGX4Iq7Es44dNaRC11JV8pF3S2utLvVJboyrqwr55wr75JcW9fOtXPt3VOug+voOrmn3dPuGfeMe9Y9655zXd3zrpt7wXV3L7oe7iX3knvZ9XK9XR/3iuvrXnX9XH+X4lLcQDfQDXKD3BA3xA1zw9xwN9yNcCNcqkt1o9woN9qNdmPcGDfWjXXj3Xg3wU1wk9wkN8VNcWkuzU1z09x0N93NcDPcLDfLpbt0N9fNdfPcPLfALXALExe6RW6RW+KWuAyX4TJdpstyWW65W+6yXbZb6Va61W61W+vWuvVuvdvoNrrNbrPb6ra67W672+F2uF1ul9vj9rh9bp/b7/a7A+6Ay3E57qA76A65Q+6w+9bluu/cEfe9O+p+cMfcj+64+8mdcCfdKfezO+1+cWfcWXfOnXcX3K/uorvkLjvv0iLvRaZF3o9Mj3wQmRGZGZkVmR1Jj8yJzI18GJkXmR9ZEPkosjDycWRRZHFkSWRpJCPySSQzsiySFfk0sjzyWSQ7siKyMrIqsjqyJuJ98R2hL+lL+ai/xZf2t/pEX8aX9eW88+V9kr/NV/C3+4r+Dl/J3+kr+7t8FV/VV/NP+Fa+tW/j2/p2/knf3j/lO/iOvpN/2nf2z/gu/lmf7J/zXf3zvpt/wXf3L/oe/iXf07/se/nevo9/xff1r/p+vr9P8QP8QP+aH+QH+yF+qB/mX/fD/Rt+hH/Tp/qRfpR/y4/2b/sx/h0/1o/z4/27foKf6Cf5yX6Kn+rT/Ht+mn/fT/cf+Bl+pp/lZ/t0P8fP9R/6eX6+X+A/8gv9x36RX+yX+KU+w3/iM/0yn+U/9cv9Zz7br/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3X/ud/idfpff7ff4vX6f/8Lv91/6A/4rn+O/9gf9X/wh/40/7L/1uf47f8R/74/6H/wx/6M/7n/yJ/xJf8r/7E/7X/wZf9af8+f9Bf+rv+gv+cv8P2uMMcYYY/8t6g+OD/gn35N/W1cMFEJcv7NY7n+subnwX/eDZULniBDiuf49H/23VadOSkrK3x6brURQarEQInI1P5+4Gq8QncQzIll0FBX+aX+DZe8L9Af1o3cKEft3OTHiany1/u3/Sf0nnx6fWTk8F/9f1F8sRGKpqzkFxNX4av2K/0n9Iu3/oP8C36QJ0eHvcuLE1fhq/STxlHheJP/DIxljjDHGGGOMsb8aLKt1/6P75yv35wn6ak5+cTX+o/tzxhhjjDHGGGOMXXsv9u7z7JPJyR2784Y3vOHNv2+u9V8mxhhjjDHG2J/t6kX/te6EMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLu/5/fJzYtT5HxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhj7Fr7PwEAAP//SOc8Mw==")
socket$inet_udp(0x2, 0x2, 0x0)

4.651209788s ago: executing program 5 (id=3298):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f00000005c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r5 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(r5, 0x0, 0x0)
fchdir(r6)
r7 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
ftruncate(r7, 0x2007ffb)
sendfile(r7, r7, 0x0, 0x739ec272)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
openat(0xffffffffffffff9c, 0x0, 0x1c1002, 0x0)

4.5157752s ago: executing program 4 (id=3299):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000340)='leases_conflict\x00', r2}, 0x18)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0, 0x0)

3.446944797s ago: executing program 5 (id=3300):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000060000000500"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000001900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0xffffff4f, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffd98, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0, r1}, 0x18)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r3, r4, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x72, 0x0, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

3.276588389s ago: executing program 4 (id=3301):
creat(0x0, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x200000000000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xffffffffffffffff)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, 0x0})
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x20d41, 0x0)
ioctl$TIOCVHANGUP(r4, 0x5437, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x13, &(0x7f0000000080)=@framed={{0x18, 0x8, 0x0, 0x0, 0xffd0}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0}, @generic={0x66, 0x8}, @initr0, @exit, @alu={0x6, 0x0, 0x3, 0xa, 0x0, 0x2}, @printk={@x, {}, {}, {}, {}, {0x5, 0x0, 0xb, 0xa}}]}, &(0x7f0000000000)='GPL\x00', 0x2, 0xff5c, &(0x7f0000000340)=""/222, 0x0, 0x8}, 0x78)
syz_open_dev$usbmon(&(0x7f0000000080), 0x206668a2, 0x300)

2.326656404s ago: executing program 5 (id=3302):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x10)
ustat(0x9, 0x0)

1.767323622s ago: executing program 3 (id=3303):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000001040)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000004c0)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@uuid_on}, {@index_off}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@xino_on}], [], 0x2c})

1.765387053s ago: executing program 4 (id=3304):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f00000005c0)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xa, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000d8d60b007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
r4 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0)
r5 = fsmount(r4, 0x0, 0x0)
fchdir(r5)
r6 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
ftruncate(r6, 0x2007ffb)
sendfile(r6, r6, 0x0, 0x739ec272)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
openat(0xffffffffffffff9c, 0x0, 0x1c1002, 0x0)

1.659210954s ago: executing program 5 (id=3305):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$ETHTOOL_MSG_CHANNELS_GET(r0, 0x0, 0x8000)
sched_setscheduler(0x0, 0x1, &(0x7f0000000040)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f0000000000)=0x5)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000001700)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x3fffffffffffcb5, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000000000800000000000", @ANYBLOB='\x00\x00\x00\x00\x00\x00', @ANYRES32], 0x48)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000020000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000006c0)='sched_switch\x00', r5}, 0x18)
lgetxattr(&(0x7f0000000280)='./file1\x00', 0x0, &(0x7f0000001740)=""/4096, 0x1000)
syz_clone(0x148c5400, &(0x7f0000000880), 0x0, 0x0, &(0x7f0000000380), &(0x7f0000000540)="61c88661dd7c5dd749efb9a0f3f5f0953c36edc9891cb93ee9e451daa28b781ca49ecafc7d52b0834e60c857f2ba77f76f74bb")
sendmsg$NL80211_CMD_SET_INTERFACE(r0, 0x0, 0x0)
syz_open_dev$usbfs(0x0, 0x20000007d, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r8=>0x0})
socket$netlink(0x10, 0x3, 0x61d2b664bdca8124)
sendmsg$nl_route_sched(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=@getchain={0x2c, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r8, {}, {}, {0xfff3}}, [{0x8, 0xb, 0x1}]}, 0x2c}}, 0x0)

1.436873308s ago: executing program 0 (id=3306):
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000180)=ANY=[@ANYBLOB="1500000065ffff097b00000800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18)
mkdir(&(0x7f0000000300)='./file0\x00', 0xfffffffffffffffe)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r4])
mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0)

160.769047ms ago: executing program 1 (id=3307):
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x4, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000007110110000000000950a008000000000e8b6579ddee9ca80fa107a2a4ec3fc29eb3400fe00456b00f4161d817bc2897f8a7db7c8c936199e5ae2bafb43744e85f5bcd2f6de240f399962f2be99bb117d42323f375fc363f90af49b85a70a9bd68593a990434d57e9a1f209a1223adedfd9111767c0b2e0d71377580da2796348c08d2d54f20dc9a6e39d6e0e2a1c5f1b27ad518bafd921a914"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xb}, 0x80)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b000000000000000000000000000400", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x3000000, &(0x7f00000006c0), 0x1, 0x513, &(0x7f0000000c40)="$eJzs3W9rJHcdAPDvTLJp7i41WxU5C7bFVu6K3m7S2DaKtBVEHxXU+jzGZBNCNtmQ3dRLKJriCxBEVPAF+ETwBQjSlyDCgT4XFUX0Th/qjczuRPNnN1mSTfbcfD4w2d9v/n2/vyE7O39+zARwbb0QEW9FxFhEvBwR08X4tBgW8sp+Z75HD99byocksuydvyWRFOMO1pXXxyPiVmeRmIyIr38l4lvJybjN3b31xXq9tl3Uq62NrWpzd+/e2sbiam21tjk3N/va/Ovzr87PZIULtbMcEW986U8/+v7PvvzGrz7z7d8v/OXud/K0vvCxTt4RsXShAD101l1qb4sD+TbavoxgQ5K3pzQ27CwAAOhHfoz/4Yj4ZPv4fzrG2kdzAAAAwCjJ3pyKfyURGQAAADCy0oiYiiStFH0BpiJNK5VOH96Pxs203mi2Pr3S2NlczqdFlKOUrqzVazNFX+FylJK8Plv0sT2ov3KsPhcRz0TED6dvtOuVpUZ9edgXPwAAAOCauPX80fP/f06n7TIAAAAwYso9KwAAAMCocMoPAAAAo8/5PwAAAIy0r779dj5kB+/xXn53d2e98e695VpzvbKxs1RZamxvVVYbjdX2M/s2zlpfvdHY+mxs7tyvtmrNVrW5u7ew0djZbC2sHXkFNgAAAHCFnnn+g98lEbH/+RvtIYrnAAIc8cdhJwAM0tiwEwCGZnzYCQBDUzpzDnsIGHXJGdNPdt7pXCuMX19OPgAAwODd+fjJ+/8TxbSzrw0A/8/09QGA68fdPbi+SuftAXh70JkAw/KhzsdTvab3fHhHH/f/O9cYsuxciQEAAAMz1R6StFIcp09FmlYqEU+3XwtQSlbW6rWZ4vzgt9Olp/L6bHvJ5Mw+wwAAAAAAAAAAAAAAAAAAAAAAAABAR5YlkQEAAAAjLSL9c9J+mn/EnemXpo5eHTj21q+fvvPj+4ut1vZsxETy9+l81EREtH5SjH8l80oAAAAAeAJ0ztOLz9lhZwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAqHn08L2lg+Eq4/71ixFR7hZ/PCbbn5NRioib/0hi/NBySUSMDSD+/vsRcbtb/CQeZ1lWLrLoFv/GJccvtzdN9/hpRNwaQHy4zj7I9z9vdfv+pfFC+7P792+8GC6q9/4v/e/+b6zH/ufpY/Venn3wi2rP+O9HPDveff9zED/pxD8SIq+82Gcbv/mNvb2uEw6tslv8w7GqrY2tanN3797axuJqbbW2OTc3+9r86/Ovzs9UV9bqteJv1zA/+MQvH5/W/ps94pePtv/E9n+pr9Zn8e8H9x9+pFMpdYt/98Xuv7+3e8RPi9++TxXlfPqdg/J+p3zYcz//zXOntX+5R/snz2j/3b7aH597+Wvf+0PXKSe2BgBwFZq7e+uL9Xpt+5TCZB/zXHHhzScjjQEW4slIY1iF7Lud/8eLreeCi58oZBdZfDwGkMbEie/pWJx3hUnEfr6uPv8hAQCAEfO/g/7T7iABAAAAAAAAAAAAAAAAAAAAl+mcjyWbjIi+Zz4ec384TQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAONV/AgAA//8FStFZ")
socket$vsock_stream(0x28, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
fsopen(0x0, 0x0)
r3 = open(&(0x7f0000000040)='./bus\x00', 0x143142, 0x80)
socket(0x27, 0x3, 0x3a)
ftruncate(r3, 0x2007ffb)
sendfile(r3, r3, 0x0, 0x1000000201005)

159.840627ms ago: executing program 4 (id=3308):
socket$inet6(0xa, 0x3, 0x3c)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0, r1}, 0x18)
r2 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
pwritev(r2, &(0x7f0000000600)=[{&(0x7f0000000240)="02000000", 0x4}, {&(0x7f00000008c0)="f697079a161cfb7502fbbdcda76933ddd0c24170eb4d0100f907f5", 0x1b}], 0x2, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7)
rt_sigsuspend(0x0, 0x0)
syz_open_dev$tty20(0xc, 0x4, 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r6 = socket$nl_audit(0x10, 0x3, 0x9)
bind$netlink(r6, &(0x7f00000007c0)={0x10, 0x0, 0x25dfdbfd, 0x8000000}, 0xc)
r7 = socket$nl_audit(0x10, 0x3, 0x9)
bind$netlink(r7, &(0x7f00000007c0)={0x10, 0x0, 0x25dfdbfd, 0xfddbdf25}, 0xc)

0s ago: executing program 0 (id=3309):
bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
socketpair$unix(0x1, 0x3, 0x0, 0x0)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
syz_emit_ethernet(0x46, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r3 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0x4, &(0x7f00000002c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r6}, 0x10)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x2}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, 0x0, 0x20004804)

kernel console output (not intermixed with test programs):

ption
[ 1177.952456][T11450] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[ 1177.971703][T11450] EXT4-fs (loop0): 1 truncate cleaned up
[ 1177.976078][  T303] usb 4-1: Found UVC 0.02 device <unnamed> (04f2:b746)
[ 1177.977374][T11450] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1177.984343][  T303] usb 4-1: No valid video chain found.
[ 1178.002630][ T8175] usb 2-1: Using ep0 maxpacket: 16
[ 1178.013510][ T8175] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1178.034804][ T8175] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1178.049052][ T8175] usb 2-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1178.062372][ T8175] usb 2-1: config 0 interface 0 has no altsetting 0
[ 1178.069030][ T8175] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[ 1178.078252][ T8175] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1178.095233][ T8175] usb 2-1: config 0 descriptor??
[ 1178.828132][  T284] EXT4-fs (loop0): unmounting filesystem.
[ 1179.069902][T11461] loop4: detected capacity change from 0 to 512
[ 1179.532871][  T539] usb 4-1: USB disconnect, device number 26
[ 1179.618009][ T8175] hid (null): global environment stack underflow
[ 1179.624418][ T8175] hid (null): unknown global tag 0xe
[ 1179.632494][ T8175] usb 2-1: USB disconnect, device number 21
[ 1180.501801][T11461] EXT4-fs (loop4): 1 orphan inode deleted
[ 1180.507613][T11461] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1180.516798][T11461] ext4 filesystem being mounted at /491/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1180.528377][ T1481] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[ 1180.567225][ T1481] EXT4-fs error (device loop4): ext4_release_dquot:6837: comm kworker/u4:8: Failed to release dquot type 1
[ 1181.034035][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1181.130728][T11482] overlayfs: failed to resolve './file0': -2
[ 1181.141174][T11483] loop4: detected capacity change from 0 to 512
[ 1181.147789][T11483] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1181.155612][T11483] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[ 1181.296359][T11483] EXT4-fs (loop4): 1 truncate cleaned up
[ 1181.302145][T11483] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1182.091976][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1182.169352][T11506] loop1: detected capacity change from 0 to 512
[ 1182.175969][T11506] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1182.201990][T11506] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[ 1182.603605][T11509] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2617'.
[ 1183.528475][T11506] EXT4-fs (loop1): 1 truncate cleaned up
[ 1183.534207][T11506] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1183.629576][T11521] loop0: detected capacity change from 0 to 2048
[ 1183.736206][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1183.739878][T11521] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 1184.308671][T11534] overlayfs: failed to resolve './file1': -2
[ 1184.317890][T11533] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2625'.
[ 1184.941415][T11537] usb usb1: usbfs: process 11537 (syz.3.2626) did not claim interface 0 before use
[ 1184.951155][  T284] EXT4-fs (loop0): unmounting filesystem.
[ 1185.241702][T11554] tipc: Failed to remove unknown binding: 66,1,1/0:4097579883/4097579885
[ 1185.520593][T11556] loop4: detected capacity change from 0 to 512
[ 1185.521859][T11551] device vti0 entered promiscuous mode
[ 1185.562681][T11556] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1186.787403][T11556] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[ 1186.930205][T11556] EXT4-fs (loop4): 1 truncate cleaned up
[ 1186.954644][T11556] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1187.007785][T11567] incfs: Can't find or create .index dir in ./file0
[ 1187.250551][T11567] incfs: mount failed -14
[ 1187.544298][T11578] overlayfs: failed to resolve './file1': -2
[ 1188.401989][T11592] loop0: detected capacity change from 0 to 512
[ 1188.428806][T11592] EXT4-fs: Ignoring removed bh option
[ 1188.459748][T11592] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1188.469088][T11592] ext4 filesystem being mounted at /567/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1188.514739][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1189.323925][T11602] EXT4-fs error (device loop0): ext4_add_entry:2486: inode #12: comm syz.0.2645: Directory hole found for htree leaf block 0
[ 1189.337520][T11602] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1189.347209][T11602] overlayfs: conflicting lowerdir path
[ 1189.357079][T11606] incfs: Can't find or create .index dir in ./file0
[ 1189.364170][T11606] incfs: mount failed -14
[ 1189.396299][T11612] tipc: Failed to remove unknown binding: 66,1,1/0:3981601114/3981601116
[ 1189.517352][T11622] loop4: detected capacity change from 0 to 512
[ 1189.530168][  T284] EXT4-fs (loop0): unmounting filesystem.
[ 1191.755959][  T303] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0
[ 1191.764175][  T303] hid-generic 0000:0000:0000.003C: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1191.806109][T11631] fido_id[11631]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1191.826745][T11622] EXT4-fs (loop4): 1 orphan inode deleted
[ 1191.861647][T11622] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1191.877793][T11622] ext4 filesystem being mounted at /497/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1191.877858][ T1481] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[ 1191.915677][ T1481] EXT4-fs error (device loop4): ext4_release_dquot:6837: comm kworker/u4:8: Failed to release dquot type 1
[ 1192.250970][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1192.296561][T11641] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2659'.
[ 1192.389471][T11644] overlayfs: failed to resolve './file1': -2
[ 1192.417089][T11645] loop1: detected capacity change from 0 to 512
[ 1192.426598][T11645] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1192.434254][T11645] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[ 1192.445805][T11645] EXT4-fs (loop1): 1 truncate cleaned up
[ 1192.451565][T11645] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1192.877613][T11654] incfs: Can't find or create .index dir in ./file0
[ 1192.896668][T11654] incfs: mount failed -14
[ 1193.133573][T11661] loop4: detected capacity change from 0 to 256
[ 1193.140241][T11661] exfat: Deprecated parameter 'utf8'
[ 1193.145651][T11661] exfat: Deprecated parameter 'namecase'
[ 1193.151335][T11661] exfat: Deprecated parameter 'utf8'
[ 1193.156661][T11661] exfat: Bad value for 'gid'
[ 1193.214547][ T8393] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1194.343803][T11679] loop3: detected capacity change from 0 to 512
[ 1194.394977][T11679] EXT4-fs (loop3): 1 orphan inode deleted
[ 1194.400785][T11679] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1194.409874][T11679] ext4 filesystem being mounted at /525/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1195.123436][T11689] loop0: detected capacity change from 0 to 512
[ 1195.295092][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1195.397162][T11689] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1195.406596][T11689] ext4 filesystem being mounted at /571/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1196.176474][T11685] loop4: detected capacity change from 0 to 40427
[ 1196.185720][T11685] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1196.193508][T11685] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1196.195901][  T284] EXT4-fs (loop0): unmounting filesystem.
[ 1196.212788][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1196.226273][T11685] F2FS-fs (loop4): invalid crc value
[ 1196.347062][T11685] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1198.427056][T11726] loop1: detected capacity change from 0 to 512
[ 1198.435621][T11726] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1198.444121][T11726] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[ 1199.642554][T11726] EXT4-fs (loop1): 1 truncate cleaned up
[ 1199.648248][T11726] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1199.725325][T11734] incfs: Can't find or create .index dir in ./file0
[ 1199.745564][T11734] incfs: mount failed -14
[ 1199.888640][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1199.990353][T11740] loop4: detected capacity change from 0 to 512
[ 1200.011385][T11739] incfs: Can't find or create .index dir in ./file0
[ 1200.019323][T11739] incfs: mount failed -14
[ 1200.107732][T11747] loop3: detected capacity change from 0 to 512
[ 1200.116991][T11740] EXT4-fs (loop4): 1 orphan inode deleted
[ 1200.122877][T11740] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1200.132194][T11740] ext4 filesystem being mounted at /504/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1200.143298][ T9442] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[ 1200.159770][ T9442] EXT4-fs error (device loop4): ext4_release_dquot:6837: comm kworker/u4:9: Failed to release dquot type 1
[ 1200.163933][T11747] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1200.529539][T11747] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[ 1200.541765][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1200.549310][T11747] EXT4-fs (loop3): 1 truncate cleaned up
[ 1200.590537][T11747] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1202.796746][  T615] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[ 1203.430402][  T615] usb 1-1: Using ep0 maxpacket: 16
[ 1203.436772][  T615] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1203.459039][  T615] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1203.479607][  T615] usb 1-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1203.512820][  T615] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1203.528675][  T615] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[ 1203.546998][  T615] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1203.567770][  T615] usb 1-1: config 0 descriptor??
[ 1203.660203][T11786] incfs: Can't find or create .index dir in ./file0
[ 1203.667127][T11786] incfs: mount failed -14
[ 1203.694828][T11788] incfs: Can't find or create .index dir in ./file0
[ 1203.701579][T11788] incfs: mount failed -14
[ 1204.836779][T11796] loop4: detected capacity change from 0 to 512
[ 1205.000723][T11796] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1205.009983][T11796] ext4 filesystem being mounted at /510/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1205.774280][  T615] hid (null): global environment stack underflow
[ 1205.792584][  T615] hid (null): unknown global tag 0xe
[ 1205.799913][  T615] usb 1-1: USB disconnect, device number 30
[ 1205.820071][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1205.830801][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1207.090527][T11792] loop1: detected capacity change from 0 to 40427
[ 1207.112171][T11792] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[ 1207.146511][T11792] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[ 1207.159049][T11792] F2FS-fs (loop1): invalid crc value
[ 1207.182309][T11792] F2FS-fs (loop1): Found nat_bits in checkpoint
[ 1207.268815][T11828] incfs: Can't find or create .index dir in ./file0
[ 1207.275593][T11828] incfs: mount failed -14
[ 1207.291224][T11792] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[ 1207.298677][T11792] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[ 1207.303893][T11831] incfs: Can't find or create .index dir in ./file0
[ 1207.574500][T11834] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2711'.
[ 1207.794637][T11835] loop3: detected capacity change from 0 to 4096
[ 1207.801434][T11835] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1207.812600][T11835] EXT4-fs (loop3): Test dummy encryption mode enabled
[ 1207.821874][T11831] incfs: mount failed -14
[ 1207.839041][T11835] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1208.060992][T11842] loop4: detected capacity change from 0 to 512
[ 1208.068093][T11842] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1209.161638][T11842] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[ 1209.341282][T11842] EXT4-fs (loop4): 1 truncate cleaned up
[ 1209.346973][T11842] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1210.309357][T11849] netlink: 8 bytes leftover after parsing attributes in process `syz.5.2720'.
[ 1211.307236][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1212.788334][T11874] incfs: Can't find or create .index dir in ./file0
[ 1212.800413][T11874] incfs: mount failed -14
[ 1212.820400][T11875] loop1: detected capacity change from 0 to 512
[ 1212.934163][T11875] EXT4-fs (loop1): 1 orphan inode deleted
[ 1212.939943][T11875] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1212.949735][T11875] ext4 filesystem being mounted at /531/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1214.743248][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1215.316882][T11873] loop4: detected capacity change from 0 to 40427
[ 1215.340789][T11873] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1215.453740][T11873] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1215.498085][T11873] F2FS-fs (loop4): invalid crc value
[ 1215.555711][T11873] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1215.655069][T11873] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1215.677227][T11873] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1216.042203][T11891] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2731'.
[ 1216.067578][T11898] loop1: detected capacity change from 0 to 512
[ 1216.491364][T11898] EXT4-fs: Ignoring removed bh option
[ 1216.651729][   T28] audit: type=1400 audit(1751894576.592:209): avc:  denied  { write } for  pid=11890 comm="syz.5.2733" lport=7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1216.718961][T11898] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1216.733251][T11909] loop0: detected capacity change from 0 to 512
[ 1216.740091][T11909] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1219.080711][T11909] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[ 1219.095273][T11898] ext4 filesystem being mounted at /532/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1219.190267][T11909] EXT4-fs (loop0): 1 truncate cleaned up
[ 1219.195983][T11909] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1219.223620][T11917] loop4: detected capacity change from 0 to 512
[ 1219.240503][T11917] EXT4-fs: Ignoring removed bh option
[ 1219.275381][T11917] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1219.284370][T11917] ext4 filesystem being mounted at /518/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1219.813446][T11922] overlayfs: failed to clone upperpath
[ 1221.088368][T11925] EXT4-fs error (device loop1): ext4_add_entry:2486: inode #12: comm syz.1.2732: Directory hole found for htree leaf block 0
[ 1221.088423][T11923] EXT4-fs error (device loop4): ext4_add_entry:2486: inode #12: comm syz.4.2736: Directory hole found for htree leaf block 0
[ 1221.115610][T11925] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1221.125277][T11925] overlayfs: conflicting lowerdir path
[ 1221.125278][T11923] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1221.125322][T11923] overlayfs: conflicting lowerdir path
[ 1221.132026][  T284] EXT4-fs (loop0): unmounting filesystem.
[ 1221.192042][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1221.243552][T11932] incfs: Can't find or create .index dir in ./file0
[ 1221.256966][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1221.263055][T11932] incfs: mount failed -14
[ 1221.298925][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1222.887845][T11950] loop3: detected capacity change from 0 to 512
[ 1223.071875][T11950] EXT4-fs (loop3): 1 orphan inode deleted
[ 1223.078025][T11950] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1223.089731][T11950] ext4 filesystem being mounted at /531/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1223.640990][T11956] tipc: Failed to remove unknown binding: 66,1,1/0:485013457/485013459
[ 1223.996711][T11958] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2747'.
[ 1224.107922][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1226.013397][T11971] loop1: detected capacity change from 0 to 512
[ 1227.125045][T11979] incfs: Can't find or create .index dir in ./file0
[ 1227.131836][T11979] incfs: mount failed -14
[ 1227.136533][T11971] EXT4-fs (loop1): 1 orphan inode deleted
[ 1227.142588][T11971] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1227.151817][T11971] ext4 filesystem being mounted at /535/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1227.184522][T11984] incfs: Can't find or create .index dir in ./file0
[ 1227.194601][T11984] incfs: mount failed -14
[ 1227.694046][T11988] loop3: detected capacity change from 0 to 512
[ 1227.700956][T11988] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1227.727532][T11988] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[ 1227.745044][T11988] EXT4-fs (loop3): 1 truncate cleaned up
[ 1227.750835][T11988] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1227.783002][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1229.705148][T12010] loop0: detected capacity change from 0 to 512
[ 1230.603690][T12012] loop1: detected capacity change from 0 to 512
[ 1230.667170][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1230.754377][T12010] EXT4-fs (loop0): 1 orphan inode deleted
[ 1230.760165][T12010] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1230.770731][T12012] EXT4-fs (loop1): 1 orphan inode deleted
[ 1230.776494][T12012] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1230.787574][T12012] ext4 filesystem being mounted at /537/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1230.867371][T12010] ext4 filesystem being mounted at /593/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1231.546451][  T284] EXT4-fs (loop0): unmounting filesystem.
[ 1231.625840][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1232.567724][T12019] loop4: detected capacity change from 0 to 40427
[ 1232.592000][T12019] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1232.598036][T12028] incfs: Can't find or create .index dir in ./file0
[ 1232.600048][T12019] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1232.606852][T12028] incfs: mount failed -14
[ 1232.917371][T12019] F2FS-fs (loop4): invalid crc value
[ 1232.961126][T12019] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1233.175819][T12019] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1233.183415][T12019] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1234.135203][T12052] loop0: detected capacity change from 0 to 512
[ 1235.991466][T12052] EXT4-fs (loop0): 1 orphan inode deleted
[ 1235.997250][T12052] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1236.006530][T12052] ext4 filesystem being mounted at /596/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1236.117633][T12069] loop3: detected capacity change from 0 to 512
[ 1236.212309][T12069] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1236.283888][  T284] EXT4-fs (loop0): unmounting filesystem.
[ 1236.327632][T12069] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[ 1236.469264][T12069] EXT4-fs (loop3): 1 truncate cleaned up
[ 1236.488928][T12069] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1236.521033][T10117] hid-generic 0000:0000:0000.003E: unknown main item tag 0x0
[ 1236.529804][T10117] hid-generic 0000:0000:0000.003E: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1236.651648][T12084] loop0: detected capacity change from 0 to 512
[ 1237.377166][T12084] EXT4-fs (loop0): 1 orphan inode deleted
[ 1237.383023][T12084] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1237.393943][T12084] ext4 filesystem being mounted at /597/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1237.955429][  T284] EXT4-fs (loop0): unmounting filesystem.
[ 1237.995762][T12085] fido_id[12085]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1238.162605][T12099] loop0: detected capacity change from 0 to 512
[ 1238.219994][T12099] EXT4-fs (loop0): 1 orphan inode deleted
[ 1238.225833][T12099] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1238.235758][T12099] ext4 filesystem being mounted at /598/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1238.358538][  T284] EXT4-fs (loop0): unmounting filesystem.
[ 1240.590053][T12098] loop4: detected capacity change from 0 to 40427
[ 1240.610504][T12098] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1240.618255][T12098] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1240.657097][T12098] F2FS-fs (loop4): invalid crc value
[ 1240.718494][T12098] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1240.749178][T12114] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1240.756404][T12114] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1240.765576][T12114] device bridge_slave_0 entered promiscuous mode
[ 1240.775163][T12114] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1240.782386][T12114] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1241.611684][T12098] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1241.618742][T12098] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1241.630646][T12114] device bridge_slave_1 entered promiscuous mode
[ 1242.332616][ T4600] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1242.366577][ T4600] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1242.401779][ T4600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1242.410426][ T4600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1242.418577][ T4600] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1242.426220][ T4600] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1242.440816][ T4600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1242.456559][ T4600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1242.471367][ T4600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1242.489626][ T4600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1242.507130][ T4600] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1242.514220][ T4600] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1242.522034][ T4600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1242.527959][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1242.530659][ T4600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1242.544205][ T4600] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1242.551258][ T4600] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1242.559139][ T4600] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1242.572475][T12114] device veth0_vlan entered promiscuous mode
[ 1242.591209][ T4600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1242.601963][T12114] device veth1_macvtap entered promiscuous mode
[ 1242.613311][ T4600] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1242.628319][ T4600] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1242.652910][   T28] audit: type=1400 audit(1751894602.602:210): avc:  denied  { mounton } for  pid=12114 comm="syz-executor" path="/root/syzkaller.e1h4nz/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1
[ 1242.893410][T12141] loop3: detected capacity change from 0 to 4096
[ 1242.900117][T12141] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1242.908168][T12141] EXT4-fs (loop3): Test dummy encryption mode enabled
[ 1242.991073][T12141] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1243.304906][T12141] overlayfs: './file1' not a directory
[ 1244.393506][T12157] loop4: detected capacity change from 0 to 512
[ 1247.319755][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1247.606832][T12157] EXT4-fs (loop4): 1 orphan inode deleted
[ 1247.612754][T12157] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1247.623056][T12157] ext4 filesystem being mounted at /527/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1247.623350][ T1481] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[ 1250.033074][ T1481] EXT4-fs error (device loop4): ext4_release_dquot:6837: comm kworker/u4:8: Failed to release dquot type 1
[ 1250.057065][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1250.223312][T10117] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0
[ 1250.314598][T10117] hid-generic 0000:0000:0000.003F: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1250.323680][T12186] loop0: detected capacity change from 0 to 512
[ 1250.457508][T12192] loop1: detected capacity change from 0 to 512
[ 1250.505853][T12186] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1250.584695][T12192] EXT4-fs (loop1): 1 orphan inode deleted
[ 1250.590571][T12192] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1250.600072][T12192] ext4 filesystem being mounted at /545/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1250.694578][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1250.720189][T12186] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[ 1250.910855][T12203] fuse: Bad value for 'fd'
[ 1250.917044][T12186] EXT4-fs (loop0): 1 truncate cleaned up
[ 1250.930509][T12186] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1251.195415][T12209] overlayfs: failed to clone upperpath
[ 1252.069541][T12219] loop4: detected capacity change from 0 to 512
[ 1255.491773][T12228] loop3: detected capacity change from 0 to 512
[ 1255.500697][T12219] EXT4-fs (loop4): 1 orphan inode deleted
[ 1255.506496][T12219] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1255.515765][T12219] ext4 filesystem being mounted at /529/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1255.520400][ T3121] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[ 1255.546319][ T3121] EXT4-fs error (device loop4): ext4_release_dquot:6837: comm kworker/u4:15: Failed to release dquot type 1
[ 1255.570740][T12228] EXT4-fs: Ignoring removed bh option
[ 1255.631333][T12228] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1255.648541][T12228] ext4 filesystem being mounted at /541/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1256.734550][T12236] EXT4-fs error (device loop3): ext4_add_entry:2486: inode #12: comm syz.3.2814: Directory hole found for htree leaf block 0
[ 1256.749112][T12236] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1256.759000][T12236] overlayfs: conflicting lowerdir path
[ 1256.920514][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1256.934232][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1256.972003][T12238] loop3: detected capacity change from 0 to 512
[ 1256.993580][T12238] EXT4-fs: Ignoring removed bh option
[ 1257.095521][T12240] loop4: detected capacity change from 0 to 512
[ 1257.119927][T12238] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1257.129784][T12240] EXT4-fs (loop4): 1 orphan inode deleted
[ 1257.134933][T12238] ext4 filesystem being mounted at /542/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1257.135606][T12240] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1257.170526][T12240] ext4 filesystem being mounted at /530/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1259.283388][T12257] EXT4-fs error (device loop3): ext4_add_entry:2486: inode #12: comm syz.3.2819: Directory hole found for htree leaf block 0
[ 1259.297179][T12257] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1259.306903][T12257] overlayfs: conflicting lowerdir path
[ 1259.317712][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1259.455747][T12258] loop1: detected capacity change from 0 to 4096
[ 1259.462953][T12258] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1259.471183][T12258] EXT4-fs (loop1): Test dummy encryption mode enabled
[ 1259.531215][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1259.607473][T12258] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1260.087043][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1260.323376][T12274] overlayfs: failed to clone upperpath
[ 1261.060199][T12277] loop0: detected capacity change from 0 to 512
[ 1266.171739][T12277] EXT4-fs: error -4 creating inode table initialization thread
[ 1266.179414][T12277] EXT4-fs (loop0): mount failed
[ 1266.673897][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1267.405902][T12300] loop1: detected capacity change from 0 to 512
[ 1267.422655][T12300] EXT4-fs: Ignoring removed bh option
[ 1267.506147][T12300] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1267.535220][T12300] ext4 filesystem being mounted at /549/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1268.057480][T12313] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2833'.
[ 1268.067412][T12313] device bridge_slave_1 left promiscuous mode
[ 1268.075682][T12313] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1268.179884][T12313] device bridge_slave_0 left promiscuous mode
[ 1268.212284][T12313] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1271.657561][T12322] EXT4-fs error (device loop1): ext4_add_entry:2486: inode #12: comm syz.1.2829: Directory hole found for htree leaf block 0
[ 1271.673714][T12322] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1271.683415][T12322] overlayfs: conflicting lowerdir path
[ 1271.727460][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1271.735942][T12329] loop0: detected capacity change from 0 to 512
[ 1271.745442][T12329] EXT4-fs: Ignoring removed bh option
[ 1271.776400][T12329] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1271.785517][T12329] ext4 filesystem being mounted at /6/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1273.405368][T12338] loop3: detected capacity change from 0 to 4096
[ 1273.412424][T12338] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1273.620467][T12338] EXT4-fs (loop3): Test dummy encryption mode enabled
[ 1273.635248][T12340] EXT4-fs error (device loop0): ext4_add_entry:2486: inode #12: comm syz.0.2838: Directory hole found for htree leaf block 0
[ 1273.650119][T12340] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1273.659750][T12340] overlayfs: conflicting lowerdir path
[ 1273.886757][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1273.918758][T12338] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1273.984585][T12338] overlayfs: './file1' not a directory
[ 1276.392725][T12358] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2844'.
[ 1277.573952][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1278.232795][T12375] loop1: detected capacity change from 0 to 512
[ 1279.577998][T12375] EXT4-fs (loop1): 1 orphan inode deleted
[ 1279.583798][T12375] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1279.603159][T12375] ext4 filesystem being mounted at /551/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1279.659338][T12383] loop4: detected capacity change from 0 to 512
[ 1279.692722][T12383] EXT4-fs: Ignoring removed bh option
[ 1279.729749][T12383] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1279.786884][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1279.810759][T12383] ext4 filesystem being mounted at /537/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1281.194800][T12389] EXT4-fs error (device loop4): ext4_add_entry:2486: inode #12: comm syz.4.2850: Directory hole found for htree leaf block 0
[ 1281.208478][T12389] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1281.218327][T12389] overlayfs: conflicting lowerdir path
[ 1281.361849][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1283.345707][T12433] xt_l2tp: v2 sid > 0xffff: 117440512
[ 1283.535874][T12435] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2864'.
[ 1284.491831][T12436] loop3: detected capacity change from 0 to 512
[ 1284.906667][T12436] EXT4-fs (loop3): 1 orphan inode deleted
[ 1284.912508][T12436] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1284.923098][T12436] ext4 filesystem being mounted at /552/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1285.156562][T12448] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2865'.
[ 1285.477431][T12446] incfs: Can't find or create .index dir in ./file0
[ 1285.504459][T12446] incfs: mount failed -14
[ 1286.214127][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1286.268873][T12458] loop0: detected capacity change from 0 to 512
[ 1286.561863][T12458] EXT4-fs (loop0): 1 orphan inode deleted
[ 1286.567663][T12458] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1286.578063][T12458] ext4 filesystem being mounted at /11/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1287.035558][T12467] incfs: Can't find or create .index dir in ./file0
[ 1287.042262][T12467] incfs: mount failed -14
[ 1288.101722][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1289.755264][T12498] loop3: detected capacity change from 0 to 512
[ 1292.545102][T12513] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2885'.
[ 1292.575430][T12498] EXT4-fs: failed to create workqueue
[ 1292.581558][T12498] EXT4-fs (loop3): mount failed
[ 1292.917240][T12514] loop4: detected capacity change from 0 to 512
[ 1292.980364][   T28] audit: type=1400 audit(1751894652.922:211): avc:  denied  { accept } for  pid=12517 comm="syz.1.2888" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1293.204524][T12514] EXT4-fs (loop4): 1 orphan inode deleted
[ 1293.210363][T12514] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1293.220142][T12514] ext4 filesystem being mounted at /542/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1293.226098][   T28] audit: type=1400 audit(1751894652.962:212): avc:  denied  { connect } for  pid=12515 comm="syz.5.2887" lport=7 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1293.247687][T12526] loop3: detected capacity change from 0 to 2048
[ 1293.294082][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1293.305046][T12526] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[ 1293.448596][T12537] loop4: detected capacity change from 0 to 512
[ 1293.462964][T12537] EXT4-fs (loop4): 1 orphan inode deleted
[ 1293.468747][T12537] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1293.477899][T12537] ext4 filesystem being mounted at /543/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1293.488732][ T9442] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[ 1293.540067][ T9442] EXT4-fs error (device loop4): ext4_release_dquot:6837: comm kworker/u4:9: Failed to release dquot type 1
[ 1293.599020][T12542] loop0: detected capacity change from 0 to 512
[ 1294.368991][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1294.442805][T12542] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1294.452006][T12542] ext4 filesystem being mounted at /14/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1294.736038][T12550] loop4: detected capacity change from 0 to 512
[ 1294.761235][T12550] EXT4-fs: Ignoring removed bh option
[ 1294.798613][T12548] loop1: detected capacity change from 0 to 512
[ 1294.806237][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1294.837917][T12548] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1294.847149][T12548] ext4 filesystem being mounted at /560/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1294.851285][T12550] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1294.874085][T12550] ext4 filesystem being mounted at /544/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1295.121933][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1295.630026][T12568] EXT4-fs error (device loop4): ext4_add_entry:2486: inode #12: comm syz.4.2894: Directory hole found for htree leaf block 0
[ 1295.713215][T12568] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1295.722861][T12568] overlayfs: conflicting lowerdir path
[ 1295.813422][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1295.919985][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1297.503095][T12597] loop1: detected capacity change from 0 to 512
[ 1297.518540][T12597] EXT4-fs: Ignoring removed bh option
[ 1297.596949][T12600] loop4: detected capacity change from 0 to 2048
[ 1297.642504][T12596] loop0: detected capacity change from 0 to 512
[ 1297.649317][T12597] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1297.670435][T12597] ext4 filesystem being mounted at /563/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1297.684209][T12437] hid-generic 0000:0000:0000.0040: unknown main item tag 0x0
[ 1297.701879][T12437] hid-generic 0000:0000:0000.0040: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1297.954554][T12600] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[ 1297.965131][T12596] EXT4-fs (loop0): 1 orphan inode deleted
[ 1298.020477][T12596] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1298.066174][  T513] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14
[ 1298.078588][T12596] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1298.086457][  T513] EXT4-fs error (device loop0): ext4_release_dquot:6837: comm kworker/u4:5: Failed to release dquot type 1
[ 1298.467692][T12613] EXT4-fs error (device loop1): ext4_add_entry:2486: inode #12: comm syz.1.2907: Directory hole found for htree leaf block 0
[ 1298.508720][T12613] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1298.518525][T12613] overlayfs: conflicting lowerdir path
[ 1298.587810][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1298.702473][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1298.742430][   T28] audit: type=1400 audit(1751894658.692:213): avc:  denied  { sqpoll } for  pid=12617 comm="syz.0.2911" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1
[ 1298.821065][   T28] audit: type=1400 audit(1751894658.742:214): avc:  denied  { map } for  pid=12617 comm="syz.0.2911" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=49036 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1298.986498][   T28] audit: type=1400 audit(1751894658.742:215): avc:  denied  { read write } for  pid=12617 comm="syz.0.2911" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=49036 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1
[ 1299.411441][T12630] loop1: detected capacity change from 0 to 512
[ 1299.440742][T12630] EXT4-fs: Ignoring removed bh option
[ 1299.541152][T12630] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1299.560483][T12630] ext4 filesystem being mounted at /564/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1301.064411][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1301.079979][T12635] EXT4-fs error (device loop1): ext4_add_entry:2486: inode #12: comm syz.1.2912: Directory hole found for htree leaf block 0
[ 1301.113706][T12635] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1301.123400][T12635] overlayfs: conflicting lowerdir path
[ 1301.232473][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1301.241532][T12644] loop4: detected capacity change from 0 to 512
[ 1301.277488][T12644] EXT4-fs (loop4): 1 orphan inode deleted
[ 1301.283296][T12644] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1301.292379][ T9169] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14
[ 1301.302306][ T9169] EXT4-fs error (device loop4): ext4_release_dquot:6837: comm kworker/u4:1: Failed to release dquot type 1
[ 1301.302340][T12644] ext4 filesystem being mounted at /547/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1301.357430][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1302.294599][T12666] loop3: detected capacity change from 0 to 512
[ 1302.326528][T12666] EXT4-fs (loop3): 1 orphan inode deleted
[ 1302.332340][T12666] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1302.341700][T12666] ext4 filesystem being mounted at /558/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1303.248596][T12676] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2926'.
[ 1304.229762][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1304.724395][T12686] xt_l2tp: v2 sid > 0xffff: 117440512
[ 1304.913470][T12690] loop0: detected capacity change from 0 to 256
[ 1304.920092][T12690] exfat: Deprecated parameter 'utf8'
[ 1304.925579][T12690] exfat: Deprecated parameter 'namecase'
[ 1304.931399][T12690] exfat: Deprecated parameter 'utf8'
[ 1304.936729][T12690] exfat: Bad value for 'gid'
[ 1305.078455][T12692] loop4: detected capacity change from 0 to 512
[ 1305.195560][T12692] EXT4-fs (loop4): 1 orphan inode deleted
[ 1305.201975][T12692] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1305.211163][T12692] ext4 filesystem being mounted at /550/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1305.264552][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1305.298428][T12707] loop0: detected capacity change from 0 to 2048
[ 1305.390862][T12707] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 1307.979392][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1308.365484][T12745] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2945'.
[ 1308.747701][T12747] loop1: detected capacity change from 0 to 512
[ 1308.762601][T12747] EXT4-fs (loop1): 1 orphan inode deleted
[ 1308.768326][T12747] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1308.777525][T12747] ext4 filesystem being mounted at /569/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1308.788050][   T43] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[ 1308.798011][   T43] EXT4-fs error (device loop1): ext4_release_dquot:6837: comm kworker/u4:2: Failed to release dquot type 1
[ 1309.106508][T12752] overlayfs: failed to resolve './file1': -2
[ 1309.154826][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1309.187156][T12757] incfs: Can't find or create .index dir in ./file0
[ 1309.195592][T12757] incfs: mount failed -14
[ 1311.233462][T12774] loop1: detected capacity change from 0 to 512
[ 1312.736165][T12776] loop3: detected capacity change from 0 to 512
[ 1313.288786][T12776] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1313.298068][T12776] ext4 filesystem being mounted at /561/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1313.396174][T12774] EXT4-fs (loop1): 1 orphan inode deleted
[ 1313.401981][T12774] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1313.412641][T12774] ext4 filesystem being mounted at /570/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1314.095405][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1314.124648][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1314.145774][T12792] loop1: detected capacity change from 0 to 512
[ 1314.164834][T12792] EXT4-fs: Ignoring removed bh option
[ 1314.177264][T12796] loop4: detected capacity change from 0 to 512
[ 1315.306071][T12796] EXT4-fs (loop4): 1 orphan inode deleted
[ 1315.311225][T12792] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1315.311910][T12796] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1315.329746][T12796] ext4 filesystem being mounted at /558/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1315.346981][T12792] ext4 filesystem being mounted at /571/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1315.439605][T12803] loop0: detected capacity change from 0 to 512
[ 1315.539401][T12810] EXT4-fs error (device loop1): ext4_add_entry:2486: inode #12: comm syz.1.2960: Directory hole found for htree leaf block 0
[ 1315.553870][T12810] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1315.563866][T12810] overlayfs: conflicting lowerdir path
[ 1315.596473][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1315.673922][T12803] EXT4-fs (loop0): 1 orphan inode deleted
[ 1315.679684][T12803] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1315.716791][T12803] ext4 filesystem being mounted at /32/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1315.736206][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1315.739547][T12815] loop4: detected capacity change from 0 to 512
[ 1315.760766][T12815] EXT4-fs: Ignoring removed bh option
[ 1315.776840][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1315.786928][T12790] loop3: detected capacity change from 0 to 40427
[ 1315.799220][T12790] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[ 1315.820446][T12790] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[ 1315.852528][T12790] F2FS-fs (loop3): invalid crc value
[ 1315.892362][T12815] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1315.902159][T12815] ext4 filesystem being mounted at /559/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1315.932261][T12790] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1315.966716][T12790] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[ 1316.936420][T12833] overlayfs: failed to resolve './file1': -2
[ 1317.967987][T12790] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1318.235400][T12837] EXT4-fs error (device loop4): ext4_add_entry:2486: inode #12: comm syz.4.2965: Directory hole found for htree leaf block 0
[ 1318.249914][T12837] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1318.259591][T12837] overlayfs: conflicting lowerdir path
[ 1318.387871][ T7606] hid-generic 0000:0000:0000.0041: unknown main item tag 0x0
[ 1318.444502][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1319.636272][T12851] loop3: detected capacity change from 0 to 2048
[ 1319.667044][T12851] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[ 1319.732185][ T7606] hid-generic 0000:0000:0000.0041: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1319.816520][T12861] loop0: detected capacity change from 0 to 512
[ 1319.856666][T12861] EXT4-fs: Ignoring removed bh option
[ 1320.077502][T12862] fido_id[12862]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1320.129816][T12861] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1320.217367][T12861] ext4 filesystem being mounted at /35/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1321.227685][T12260] hid-generic 0000:0000:0000.0042: unknown main item tag 0x0
[ 1321.264180][T12260] hid-generic 0000:0000:0000.0042: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[ 1321.275624][T12874] EXT4-fs error (device loop0): ext4_add_entry:2486: inode #12: comm syz.0.2976: Directory hole found for htree leaf block 0
[ 1321.391972][T12874] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1321.401700][T12874] overlayfs: conflicting lowerdir path
[ 1321.451477][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1321.459853][T12876] fido_id[12876]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[ 1321.460425][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1321.697726][T12890] overlayfs: failed to resolve './file1': -2
[ 1322.519252][T12897] loop1: detected capacity change from 0 to 128
[ 1322.832419][T12899] loop0: detected capacity change from 0 to 512
[ 1323.901439][T12897] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[ 1323.919054][T12899] EXT4-fs (loop0): 1 orphan inode deleted
[ 1323.924863][T12899] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1324.367554][T12897] ext4 filesystem being mounted at /576/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1324.391586][T12899] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1324.537534][   T28] audit: type=1400 audit(1751894684.482:216): avc:  denied  { create } for  pid=12896 comm="syz.1.2983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1
[ 1324.567537][T12897] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1324.568362][   T28] audit: type=1400 audit(1751894684.512:217): avc:  denied  { getopt } for  pid=12896 comm="syz.1.2983" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1
[ 1324.746025][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1324.781900][T12897] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1324.952838][T12917] xt_hashlimit: size too large, truncated to 1048576
[ 1324.979037][   T28] audit: type=1400 audit(1751894684.892:218): avc:  denied  { setopt } for  pid=12896 comm="syz.1.2983" lport=60 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1325.051304][T12913] tipc: Started in network mode
[ 1325.056274][T12913] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[ 1325.065714][T12913] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[ 1325.074528][T12913] tipc: Enabled bearer <udp:syz1>, priority 10
[ 1325.081543][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[ 1325.091742][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1325.106746][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[ 1325.121474][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1325.135120][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1325.156135][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1325.181963][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1325.416049][  T308] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1325.493211][T12927] loop3: detected capacity change from 0 to 512
[ 1325.500794][T12927] EXT4-fs: Ignoring removed bh option
[ 1325.542521][T12927] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1325.558619][T12927] ext4 filesystem being mounted at /568/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1325.687673][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1325.792096][T12933] EXT4-fs error (device loop3): ext4_add_entry:2486: inode #12: comm syz.3.2990: Directory hole found for htree leaf block 0
[ 1325.807316][T12933] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1325.817295][T12933] overlayfs: conflicting lowerdir path
[ 1326.134225][T12941] loop1: detected capacity change from 0 to 512
[ 1326.525395][  T307] tipc: Node number set to 1
[ 1326.611599][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1326.678611][T12941] EXT4-fs (loop1): 1 orphan inode deleted
[ 1326.684445][T12941] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1326.695012][T12941] ext4 filesystem being mounted at /577/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1327.294630][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1328.374221][T12963] loop1: detected capacity change from 0 to 512
[ 1328.569390][T12950] loop4: detected capacity change from 0 to 40427
[ 1328.700402][T12963] EXT4-fs (loop1): 1 orphan inode deleted
[ 1328.706199][T12963] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1328.717074][T12963] ext4 filesystem being mounted at /578/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1329.298457][T12950] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[ 1329.403445][T12950] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[ 1329.408975][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1329.418461][T12950] F2FS-fs (loop4): invalid crc value
[ 1329.459095][T12950] F2FS-fs (loop4): Found nat_bits in checkpoint
[ 1329.583059][T12950] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[ 1329.590171][T12950] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[ 1331.287490][T12984] loop0: detected capacity change from 0 to 512
[ 1331.389253][T12994] loop3: detected capacity change from 0 to 512
[ 1331.415864][T12984] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1331.425492][T12984] ext4 filesystem being mounted at /43/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1331.472574][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1331.599465][T13004] loop1: detected capacity change from 0 to 4096
[ 1331.606618][T13004] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1331.889139][T13004] EXT4-fs (loop1): Test dummy encryption mode enabled
[ 1333.059157][T12994] EXT4-fs (loop3): 1 orphan inode deleted
[ 1333.064951][T12994] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1333.092294][T12994] ext4 filesystem being mounted at /571/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1333.112046][T13004] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1333.247874][T13004] overlayfs: './file1' not a directory
[ 1333.882570][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1334.502220][T13017] overlayfs: failed to clone upperpath
[ 1334.551099][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1334.760138][  T439] usb 1-1: new high-speed USB device number 31 using dummy_hcd
[ 1334.786407][T13021] loop1: detected capacity change from 0 to 512
[ 1334.796009][T13021] EXT4-fs: Ignoring removed bh option
[ 1335.071278][T13029] loop3: detected capacity change from 0 to 512
[ 1337.400006][T13028] loop4: detected capacity change from 0 to 2048
[ 1337.421538][T13029] EXT4-fs (loop3): 1 orphan inode deleted
[ 1337.427306][T13029] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1337.436639][T13029] ext4 filesystem being mounted at /572/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1337.481134][T13021] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1337.499801][T13021] ext4 filesystem being mounted at /581/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1337.504911][T13028] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[ 1338.662240][T13046] EXT4-fs error (device loop1): ext4_add_entry:2486: inode #12: comm syz.1.3011: Directory hole found for htree leaf block 0
[ 1338.677676][T13046] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1338.687634][T13046] overlayfs: conflicting lowerdir path
[ 1338.830734][  T439] usb 1-1: device not accepting address 31, error -71
[ 1338.906268][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1338.906765][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1339.055602][T13055] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3017'.
[ 1339.066502][T13056] loop1: detected capacity change from 0 to 256
[ 1339.073094][T13056] exfat: Deprecated parameter 'utf8'
[ 1339.078402][T13056] exfat: Deprecated parameter 'namecase'
[ 1339.084226][T13056] exfat: Deprecated parameter 'utf8'
[ 1339.089510][T13056] exfat: Bad value for 'gid'
[ 1339.167405][ T8393] I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1342.094898][T13072] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3021'.
[ 1342.919879][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1343.129137][T13089] loop4: detected capacity change from 0 to 256
[ 1343.140796][T13089] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[ 1348.102581][T13116] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3033'.
[ 1348.127544][T13119] usb usb1: usbfs: process 13119 (syz.3.3034) did not claim interface 0 before use
[ 1349.067942][T13132] loop4: detected capacity change from 0 to 128
[ 1349.142052][T13132] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[ 1349.157940][T13132] ext4 filesystem being mounted at /567/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1349.211911][T13132] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1349.225389][T13132] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1349.257211][  T889] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[ 1349.272011][  T889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1349.300697][  T889] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[ 1349.320789][  T889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1349.340562][  T889] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1349.371068][  T889] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1349.384678][  T889] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1349.411062][  T889] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1349.434072][T13132] tipc: Started in network mode
[ 1349.436444][T13139] xt_hashlimit: size too large, truncated to 1048576
[ 1349.438953][T13132] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[ 1349.500546][T13132] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[ 1349.508762][T13132] tipc: Enabled bearer <udp:syz1>, priority 10
[ 1349.634281][T13144] incfs: Can't find or create .index dir in ./file0
[ 1349.647458][T13144] incfs: mount failed -14
[ 1349.691537][T13146] loop1: detected capacity change from 0 to 512
[ 1349.698133][T13146] EXT4-fs: Ignoring removed bh option
[ 1349.801560][T13146] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1349.820453][T13146] ext4 filesystem being mounted at /586/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1349.939469][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1350.708633][ T1348] tipc: Node number set to 1
[ 1350.741779][T13149] EXT4-fs error (device loop1): ext4_add_entry:2486: inode #12: comm syz.1.3043: Directory hole found for htree leaf block 0
[ 1350.755199][T13149] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1350.764860][T13149] overlayfs: conflicting lowerdir path
[ 1351.268894][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1351.275151][T13157] fuse: Bad value for 'fd'
[ 1352.360873][T13159] 9pnet_fd: Insufficient options for proto=fd
[ 1352.478646][T13170] loop1: detected capacity change from 0 to 2048
[ 1352.980424][T13170] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[ 1353.555708][T13183] loop4: detected capacity change from 0 to 512
[ 1353.642809][T13183] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1353.671332][T13183] ext4 filesystem being mounted at /571/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1353.952175][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1354.477238][T13206] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3058'.
[ 1354.486397][T13206] device bridge_slave_1 left promiscuous mode
[ 1354.492916][T13206] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1354.502612][T13206] device bridge_slave_0 left promiscuous mode
[ 1354.509482][T13206] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1355.421368][T13212] loop1: detected capacity change from 0 to 512
[ 1359.145673][T13212] EXT4-fs (loop1): 1 orphan inode deleted
[ 1359.152120][T13212] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1359.161304][T13212] ext4 filesystem being mounted at /590/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1359.170661][T13216] 9pnet_fd: Insufficient options for proto=fd
[ 1359.184288][ T4600] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[ 1359.213040][ T4600] EXT4-fs error (device loop1): ext4_release_dquot:6837: comm kworker/u4:19: Failed to release dquot type 1
[ 1359.367278][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1359.665075][T13230] loop0: detected capacity change from 0 to 512
[ 1359.690636][T13230] EXT4-fs: Ignoring removed bh option
[ 1359.711729][T13232] loop1: detected capacity change from 0 to 2048
[ 1359.742398][T13232] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[ 1359.751107][T13230] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1359.760025][T13230] ext4 filesystem being mounted at /59/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1359.773654][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1360.766291][T13242] EXT4-fs error (device loop0): ext4_add_entry:2486: inode #12: comm syz.0.3066: Directory hole found for htree leaf block 0
[ 1360.782635][T13242] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1360.792382][T13242] overlayfs: conflicting lowerdir path
[ 1360.990649][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1362.094521][T13256] loop4: detected capacity change from 0 to 4096
[ 1362.102604][T13256] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1362.113299][T13256] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 1362.304566][T13256] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1363.254919][T13256] overlayfs: failed to resolve './file0': -2
[ 1364.440244][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1364.455834][T13274] 9pnet_fd: Insufficient options for proto=fd
[ 1364.552368][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1364.731101][T13341] loop0: detected capacity change from 0 to 512
[ 1365.230636][T13341] EXT4-fs (loop0): 1 orphan inode deleted
[ 1365.236519][T13341] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1365.247641][T13341] ext4 filesystem being mounted at /61/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1365.502008][T13348] loop3: detected capacity change from 0 to 512
[ 1365.555979][T13352] loop4: detected capacity change from 0 to 512
[ 1365.603198][T13352] EXT4-fs: Ignoring removed bh option
[ 1365.726445][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1365.756768][T13348] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1365.802584][T13352] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1365.837134][T13352] ext4 filesystem being mounted at /576/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1365.858683][T13348] ext4 filesystem being mounted at /584/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1366.705012][T13373] EXT4-fs error (device loop4): ext4_add_entry:2486: inode #12: comm syz.4.3083: Directory hole found for htree leaf block 0
[ 1366.719223][T13373] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1366.729349][T13373] overlayfs: conflicting lowerdir path
[ 1366.778739][T13374] loop0: detected capacity change from 0 to 256
[ 1366.785806][T13374] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[ 1366.808075][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1367.396228][T13380] loop4: detected capacity change from 0 to 512
[ 1367.427241][T13380] EXT4-fs: Ignoring removed bh option
[ 1367.481982][T13380] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1367.495314][T13380] ext4 filesystem being mounted at /577/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1367.766724][T13389] EXT4-fs error (device loop4): ext4_add_entry:2486: inode #12: comm syz.4.3087: Directory hole found for htree leaf block 0
[ 1367.782373][T13389] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1367.792401][T13389] overlayfs: conflicting lowerdir path
[ 1367.921997][T13387] loop0: detected capacity change from 0 to 2048
[ 1368.011905][T13387] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[ 1368.964052][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1369.161635][T13410] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3093'.
[ 1371.734879][T13423] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[ 1371.743718][T13423] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[ 1371.811183][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1371.959509][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1372.030122][T13450] loop3: detected capacity change from 0 to 128
[ 1372.171172][T13450] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[ 1372.199704][T13450] ext4 filesystem being mounted at /585/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1372.495407][T13450] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1372.504091][   T28] audit: type=1400 audit(1751894732.452:219): avc:  denied  { create } for  pid=13606 comm="syz.4.3104" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1
[ 1372.504703][T13450] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1372.543029][T13450] device vti0 left promiscuous mode
[ 1372.550395][T13570] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[ 1372.558627][T13570] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[ 1372.568472][T13570] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[ 1372.579021][T13570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[ 1372.587980][T13570] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[ 1372.596869][T13570] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[ 1372.605514][T13570] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[ 1372.614510][T13570] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[ 1372.628528][T13450] tipc: Started in network mode
[ 1372.634461][T13450] tipc: Node identity 00000000000000000000000000000001, cluster identity 4711
[ 1372.655983][T13450] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[ 1372.664486][T13450] tipc: Enabled bearer <udp:syz1>, priority 10
[ 1372.685098][T13450] xt_hashlimit: size too large, truncated to 1048576
[ 1372.729578][T13613] loop1: detected capacity change from 0 to 128
[ 1372.991007][T13613] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[ 1373.002066][T13613] ext4 filesystem being mounted at /599/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[ 1373.026384][T13613] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[ 1374.844711][T13623] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3108'.
[ 1374.880327][T13624] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3107'.
[ 1375.293349][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1375.666822][T12728] tipc: Node number set to 1
[ 1375.706538][T13631] incfs: Can't find or create .index dir in ./file0
[ 1375.713767][T13631] incfs: mount failed -14
[ 1375.735745][T13613] tipc: Enabling of bearer <udp:syz1> rejected, already enabled
[ 1375.839589][T13638] loop0: detected capacity change from 0 to 512
[ 1375.851059][T13638] EXT4-fs: Ignoring removed bh option
[ 1375.867526][  T286] EXT4-fs (loop1): unmounting filesystem.
[ 1375.885479][T13638] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1375.932230][T13643] loop3: detected capacity change from 0 to 512
[ 1375.943831][T13638] ext4 filesystem being mounted at /67/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1376.093553][T13643] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1376.102996][T13643] ext4 filesystem being mounted at /587/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1378.218769][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1378.228909][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1378.525044][T13516] tipc: Disabling bearer <udp:syz1>
[ 1378.530547][T13516] tipc: Left network mode
[ 1378.582947][T13655] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1378.597517][T13655] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1378.612722][T13655] device bridge_slave_0 entered promiscuous mode
[ 1378.631065][T13655] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1378.638097][T13655] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1378.661148][T13655] device bridge_slave_1 entered promiscuous mode
[ 1381.865652][T13553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1381.874408][T13553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1381.895908][T13553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1381.911506][T13553] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1381.919706][T13553] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1381.926760][T13553] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1381.934206][ T1348] usb 4-1: new high-speed USB device number 27 using dummy_hcd
[ 1381.985342][T13553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1381.999974][T13553] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1382.008277][T13553] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1382.015326][T13553] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1382.032285][T13553] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[ 1382.040041][T13553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1382.061359][T13689] overlayfs: failed to clone upperpath
[ 1382.321364][T13553] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1382.329439][T13553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1382.337806][T13553] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1382.400452][ T1348] usb 4-1: Using ep0 maxpacket: 16
[ 1382.406473][T13516] device veth1_macvtap left promiscuous mode
[ 1382.406875][ T1348] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1382.412829][T13516] device veth0_vlan left promiscuous mode
[ 1382.439728][ T1348] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1382.457257][ T1348] usb 4-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1382.470373][ T1348] usb 4-1: config 0 interface 0 has no altsetting 0
[ 1382.477028][ T1348] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[ 1382.486254][ T1348] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1382.495275][ T1348] usb 4-1: config 0 descriptor??
[ 1382.564413][T13553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1382.572933][T13553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1382.594780][T13655] device veth0_vlan entered promiscuous mode
[ 1382.601440][T13553] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1382.610024][T13553] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1382.619102][T13553] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1382.629150][T13694] loop4: detected capacity change from 0 to 512
[ 1382.639834][T13553] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1382.652492][T13694] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1382.661733][T13694] ext4 filesystem being mounted at /583/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1383.112596][T13509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1383.115442][T13701] loop0: detected capacity change from 0 to 512
[ 1383.128074][T13509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1385.157900][T13701] EXT4-fs: Ignoring removed bh option
[ 1385.181914][T13701] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1385.190983][T13701] ext4 filesystem being mounted at /71/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1385.281483][T13655] device veth1_macvtap entered promiscuous mode
[ 1385.282212][ T1348] usbhid 4-1:0.0: can't add hid device: -71
[ 1385.289138][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1385.293755][ T1348] usbhid: probe of 4-1:0.0 failed with error -71
[ 1385.308951][T13509] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1385.318180][T13509] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1385.338129][T13509] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1385.359041][ T1348] usb 4-1: USB disconnect, device number 27
[ 1385.368192][T13509] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1385.403688][T13714] tipc: Failed to remove unknown binding: 66,1,1/1:2829938133/2829938135
[ 1386.632772][T13724] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3132'.
[ 1386.653054][T13721] EXT4-fs error (device loop0): ext4_add_entry:2486: inode #12: comm syz.0.3127: Directory hole found for htree leaf block 0
[ 1386.668410][T13721] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1386.678378][T13721] overlayfs: conflicting lowerdir path
[ 1386.926963][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1388.240528][T13743] loop3: detected capacity change from 0 to 512
[ 1388.602318][T13754] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3138'.
[ 1389.327099][T13743] EXT4-fs (loop3): 1 orphan inode deleted
[ 1389.344772][T13542] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14
[ 1389.362576][T13743] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1389.686878][T13758] loop0: detected capacity change from 0 to 512
[ 1389.709299][T13542] EXT4-fs error (device loop3): ext4_release_dquot:6837: comm kworker/u4:180: Failed to release dquot type 1
[ 1389.722527][T13743] ext4 filesystem being mounted at /591/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1389.929330][T13758] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1389.938299][T13758] ext4 filesystem being mounted at /75/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1391.328015][T13771] process 'syz.4.3145' launched './file0' with NULL argv: empty string added
[ 1391.338294][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1391.360815][   T28] audit: type=1400 audit(1751894751.312:220): avc:  denied  { execute } for  pid=13769 comm="syz.4.3145" name="file0" dev="tmpfs" ino=3535 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1391.386824][T13774] loop1: detected capacity change from 0 to 512
[ 1391.426849][T13774] EXT4-fs: Ignoring removed bh option
[ 1391.474057][T13774] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1391.486647][T13774] ext4 filesystem being mounted at /4/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1391.774342][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1391.974798][   T28] audit: type=1400 audit(1751894751.922:221): avc:  denied  { execute_no_trans } for  pid=13769 comm="syz.4.3145" path="/588/file0" dev="tmpfs" ino=3535 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1
[ 1393.055877][T13799] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3152'.
[ 1393.371603][T13655] EXT4-fs (loop1): unmounting filesystem.
[ 1394.096949][T13816] loop1: detected capacity change from 0 to 512
[ 1394.220395][T13816] EXT4-fs (loop1): 1 orphan inode deleted
[ 1394.226200][T13816] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1394.268712][T13816] ext4 filesystem being mounted at /5/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1395.987915][T13655] EXT4-fs (loop1): unmounting filesystem.
[ 1396.159705][T13832] loop4: detected capacity change from 0 to 512
[ 1396.782735][T13839] loop1: detected capacity change from 0 to 512
[ 1397.518878][T13832] EXT4-fs warning (device loop4): ext4_multi_mount_protect:404: Unable to create kmmpd thread for loop4.
[ 1398.171243][T13839] EXT4-fs (loop1): 1 orphan inode deleted
[ 1398.177024][T13839] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1398.187110][T13839] ext4 filesystem being mounted at /6/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1398.419599][T13655] EXT4-fs (loop1): unmounting filesystem.
[ 1398.426524][T13852] overlayfs: failed to clone upperpath
[ 1398.525925][T13856] incfs: Can't find or create .index dir in ./file0
[ 1398.537380][T13856] incfs: mount failed -14
[ 1399.697430][T13866] loop0: detected capacity change from 0 to 512
[ 1399.704358][T13866] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1399.723402][T13866] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[ 1399.805707][T13866] EXT4-fs (loop0): 1 truncate cleaned up
[ 1399.811594][T13866] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1399.940678][T13870] loop3: detected capacity change from 0 to 512
[ 1400.367146][T13877] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3172'.
[ 1401.608509][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1401.635899][T13870] EXT4-fs: Ignoring removed bh option
[ 1401.760114][T13870] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1401.769092][T13870] ext4 filesystem being mounted at /595/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1403.199614][T13891] overlayfs: missing 'lowerdir'
[ 1403.225992][T13894] incfs: Can't find or create .index dir in ./file0
[ 1403.236257][  T287] EXT4-fs (loop3): unmounting filesystem.
[ 1403.469451][T13897] loop0: detected capacity change from 0 to 512
[ 1404.504300][T13894] incfs: mount failed -14
[ 1404.586901][T13897] EXT4-fs (loop0): 1 orphan inode deleted
[ 1404.592718][T13897] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1404.602011][T13897] ext4 filesystem being mounted at /85/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1404.835320][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1406.664228][T13914] incfs: Can't find or create .index dir in ./file0
[ 1406.677109][T13914] incfs: mount failed -14
[ 1406.912272][T13928] loop3: detected capacity change from 0 to 512
[ 1406.938655][T13928] EXT4-fs: Ignoring removed bh option
[ 1410.554997][T13928] EXT4-fs warning (device loop3): ext4_multi_mount_protect:404: Unable to create kmmpd thread for loop3.
[ 1410.702868][T13949] incfs: Can't find or create .index dir in ./file0
[ 1410.709522][T13949] incfs: mount failed -14
[ 1412.729016][T13955] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3189'.
[ 1413.803414][T13963] loop4: detected capacity change from 0 to 512
[ 1413.834397][T13963] EXT4-fs: Ignoring removed bh option
[ 1413.939873][T13972] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3200'.
[ 1415.035640][T13963] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1415.050423][T13963] ext4 filesystem being mounted at /596/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1415.310186][ T9442] tipc: Disabling bearer <udp:syz1>
[ 1415.412538][ T9442] tipc: Left network mode
[ 1415.437025][T13983] loop0: detected capacity change from 0 to 512
[ 1416.362623][T13988] EXT4-fs error (device loop4): ext4_add_entry:2486: inode #12: comm syz.4.3198: Directory hole found for htree leaf block 0
[ 1416.377464][T13988] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1416.387106][T13988] overlayfs: conflicting lowerdir path
[ 1416.443417][T13979] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1416.457380][  T285] EXT4-fs (loop4): unmounting filesystem.
[ 1416.463187][T13979] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1416.470793][T13979] device bridge_slave_0 entered promiscuous mode
[ 1416.500673][T13979] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1416.517889][T13979] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1416.525640][T13979] device bridge_slave_1 entered promiscuous mode
[ 1416.592972][T13983] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1416.602366][T13983] ext4 filesystem being mounted at /89/bus supports timestamps until 2038-01-19 (0x7fffffff)
[ 1417.229601][T13979] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1417.236689][T13979] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1418.230850][T14007] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3205'.
[ 1418.249078][T13542] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1418.270345][   T28] audit: type=1400 audit(1751894778.192:222): avc:  denied  { bind } for  pid=14009 comm="syz.5.3206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1418.355992][   T28] audit: type=1400 audit(1751894778.192:223): avc:  denied  { listen } for  pid=14009 comm="syz.5.3206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1418.376831][   T28] audit: type=1400 audit(1751894778.322:224): avc:  denied  { connect } for  pid=14009 comm="syz.5.3206" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[ 1418.425856][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1418.487979][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1419.377504][T13979] device veth0_vlan entered promiscuous mode
[ 1419.390522][T13979] device veth1_macvtap entered promiscuous mode
[ 1419.485117][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1419.591441][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1419.602238][T14027] incfs: Can't find or create .index dir in ./file0
[ 1419.608876][T14027] incfs: mount failed -14
[ 1419.620603][T13551] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1419.627636][T13551] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1419.875163][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1419.936571][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1419.954947][T13551] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1419.962017][T13551] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1419.984756][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1420.007537][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1420.015670][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1420.031168][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1420.065901][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1420.074541][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1420.892537][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1420.905833][T14039] loop1: detected capacity change from 0 to 512
[ 1420.910608][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1420.920150][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1420.928648][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1420.937034][T14039] EXT4-fs: Ignoring removed bh option
[ 1420.940803][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1420.951689][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1421.090898][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1421.111131][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1421.133538][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1421.772073][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1421.802014][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1421.822560][T14039] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1421.852386][T14039] ext4 filesystem being mounted at /21/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1422.049162][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1422.177447][T14051] overlayfs: missing 'lowerdir'
[ 1422.290338][    C1] ------------[ cut here ]------------
[ 1422.295843][    C1] refcount_t: addition on 0; use-after-free.
[ 1422.302144][    C1] WARNING: CPU: 1 PID: 14038 at lib/refcount.c:25 refcount_warn_saturate+0x104/0x1a0
[ 1422.311768][    C1] Modules linked in:
[ 1422.315665][    C1] CPU: 1 PID: 14038 Comm: syz.1.3214 Not tainted 6.1.141-syzkaller-00037-gfa7e0538663e #0
[ 1422.325576][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1422.335672][    C1] RIP: 0010:refcount_warn_saturate+0x104/0x1a0
[ 1422.341865][    C1] Code: 05 01 48 c7 c7 60 a6 a9 85 e8 38 fb dd fe 0f 0b eb df e8 6f b5 0c ff c6 05 cf ab 0b 05 01 48 c7 c7 a0 a5 a9 85 e8 1c fb dd fe <0f> 0b eb c3 e8 53 b5 0c ff c6 05 b4 ab 0b 05 01 48 c7 c7 00 a6 a9
[ 1422.361520][    C1] RSP: 0000:ffffc900001b09e0 EFLAGS: 00010246
[ 1422.361806][T14054] loop0: detected capacity change from 0 to 512
[ 1422.367588][    C1] RAX: fccacf6334a17a00 RBX: 0000000000000002 RCX: ffff88811e146540
[ 1422.367607][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[ 1422.367619][    C1] RBP: ffffc900001b09f0 R08: dffffc0000000000 R09: fffff520000360b9
[ 1422.384371][T14054] EXT4-fs: Ignoring removed bh option
[ 1422.389833][    C1] R10: fffff520000360b9 R11: 1ffff920000360b8 R12: ffffc900001b0ba0
[ 1422.389853][    C1] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff8881138fe400
[ 1422.419157][    C1] FS:  0000555575bd5500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1422.428105][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1422.431784][T14054] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[ 1422.434707][    C1] CR2: 0000001b30902ff8 CR3: 0000000140b6f000 CR4: 00000000003506a0
[ 1422.443951][T14054] ext4 filesystem being mounted at /90/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1422.451528][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1422.469804][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1422.477817][    C1] Call Trace:
[ 1422.481119][    C1]  <IRQ>
[ 1422.483968][    C1]  tipc_crypto_xmit+0x1822/0x2220
[ 1422.489085][    C1]  ? __cfi_tipc_crypto_xmit+0x10/0x10
[ 1422.494512][    C1]  ? __copy_skb_header+0x49f/0x630
[ 1422.499729][    C1]  tipc_bearer_xmit_skb+0x226/0x380
[ 1422.504984][    C1]  ? __skb_clone+0x47a/0x790
[ 1422.509579][    C1]  ? __cfi_tipc_bearer_xmit_skb+0x10/0x10
[ 1422.515331][    C1]  ? skb_clone+0x228/0x380
[ 1422.519746][    C1]  tipc_disc_timeout+0x6a2/0x830
[ 1422.524755][    C1]  ? __cfi_tipc_disc_timeout+0x10/0x10
[ 1422.530209][    C1]  ? __kasan_check_write+0x14/0x20
[ 1422.535424][    C1]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[ 1422.541040][    C1]  ? __cfi_tipc_disc_timeout+0x10/0x10
[ 1422.546494][    C1]  call_timer_fn+0x46/0x2a0
[ 1422.551026][    C1]  ? __cfi_tipc_disc_timeout+0x10/0x10
[ 1422.556497][    C1]  __run_timers+0x639/0x9a0
[ 1422.561049][    C1]  ? calc_index+0x200/0x200
[ 1422.565563][    C1]  ? kvm_sched_clock_read+0x18/0x40
[ 1422.570801][    C1]  run_timer_softirq+0x6a/0xf0
[ 1422.575575][    C1]  handle_softirqs+0x1d7/0x600
[ 1422.580363][    C1]  __irq_exit_rcu+0x52/0xf0
[ 1422.584888][    C1]  irq_exit_rcu+0x9/0x10
[ 1422.589129][    C1]  sysvec_apic_timer_interrupt+0xa9/0xc0
[ 1422.594851][    C1]  </IRQ>
[ 1422.597778][    C1]  <TASK>
[ 1422.600724][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 1422.606714][    C1] RIP: 0010:exit_to_user_mode_loop+0x4a/0xb0
[ 1422.612734][    C1] Code: 00 e8 ea 4b 59 00 e8 f5 f9 f3 00 fa e8 df d4 8a 03 65 48 8b 05 f7 a0 a3 7e 4c 8b 30 41 f7 c6 0e 30 02 00 74 5b fb 41 f6 c6 08 <74> 05 e8 9f 13 90 03 41 f7 c6 00 10 00 00 74 08 48 89 df e8 4e 01
[ 1422.632391][    C1] RSP: 0000:ffffc90000997ed0 EFLAGS: 00000202
[ 1422.638462][    C1] RAX: 0000000000000001 RBX: ffffc90000997f58 RCX: fccacf6334a17a00
[ 1422.646448][    C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffc90000997f58
[ 1422.654429][    C1] RBP: ffffc90000997ee0 R08: dffffc0000000000 R09: ffffed1023c28ca9
[ 1422.662411][    C1] R10: ffffed1023c28ca9 R11: 1ffff11023c28ca8 R12: 0000000000000000
[ 1422.670391][    C1] R13: 0000000000000000 R14: 0000000000000008 R15: ffff88811e146540
[ 1422.678344][    C1]  exit_to_user_mode_prepare+0x5a/0xa0
[ 1422.683842][    C1]  irqentry_exit_to_user_mode+0x9/0x10
[ 1422.689324][    C1]  irqentry_exit+0x12/0x40
[ 1422.693784][    C1]  sysvec_reschedule_ipi+0x78/0x80
[ 1422.698908][    C1]  asm_sysvec_reschedule_ipi+0x1b/0x20
[ 1422.704406][    C1] RIP: 0033:0x7f05ada4d9b9
[ 1422.708842][    C1] Code: 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 89 fb 44 8d 56 04 4c 8d 0d 52 46 35 00 89 f0 4c 8d 05 49 26 35 00 89 c2 <81> e2 ff 1f 00 00 49 8b 0c d1 48 39 f1 74 28 48 85 c9 74 29 45 38
[ 1422.728479][    C1] RSP: 002b:00007ffdabd0b6d8 EFLAGS: 00000246
[ 1422.734571][    C1] RAX: 000000008448e621 RBX: 00007f05ae8e5720 RCX: 0000000000002282
[ 1422.742557][    C1] RDX: 000000008448e621 RSI: ffffffff8448e621 RDI: 000000000000000d
[ 1422.750537][    C1] RBP: ffffffff8448e621 R08: 00007f05adda0000 R09: 00007f05adda2000
[ 1422.758502][    C1] R10: 000000008448e625 R11: 000000000000000d R12: 000000000000000d
[ 1422.766487][    C1] R13: 0000000000000000 R14: ffffffff8448effb R15: 0000000000002282
[ 1422.774474][    C1]  ? unix_wait_for_peer+0x1db/0x2e0
[ 1422.779777][    C1]  ? unix_find_other+0x81/0x880
[ 1422.784651][    C1]  ? unix_find_other+0x81/0x880
[ 1422.789510][    C1]  </TASK>
[ 1422.792533][    C1] ---[ end trace 0000000000000000 ]---
[ 1422.797996][    C1] ------------[ cut here ]------------
[ 1422.803462][    C1] refcount_t: underflow; use-after-free.
[ 1422.809199][    C1] WARNING: CPU: 1 PID: 14038 at lib/refcount.c:28 refcount_warn_saturate+0x120/0x1a0
[ 1422.818695][    C1] Modules linked in:
[ 1422.822610][    C1] CPU: 1 PID: 14038 Comm: syz.1.3214 Tainted: G        W          6.1.141-syzkaller-00037-gfa7e0538663e #0
[ 1422.829028][T14058] EXT4-fs error (device loop0): ext4_add_entry:2486: inode #12: comm syz.0.3218: Directory hole found for htree leaf block 0
[ 1422.834011][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1422.847412][T14058] overlayfs: failed to create directory ./file0/work (errno: 117); mounting read-only
[ 1422.856997][    C1] RIP: 0010:refcount_warn_saturate+0x120/0x1a0
[ 1422.866768][T14058] overlayfs: conflicting lowerdir path
[ 1422.872682][    C1] Code: 05 01 48 c7 c7 a0 a5 a9 85 e8 1c fb dd fe 0f 0b eb c3 e8 53 b5 0c ff c6 05 b4 ab 0b 05 01 48 c7 c7 00 a6 a9 85 e8 00 fb dd fe <0f> 0b eb a7 e8 37 b5 0c ff c6 05 95 ab 0b 05 01 48 c7 c7 40 a5 a9
[ 1422.872702][    C1] RSP: 0000:ffffc900001b09e0 EFLAGS: 00010246
[ 1422.903818][    C1] RAX: fccacf6334a17a00 RBX: 0000000000000003 RCX: ffff88811e146540
[ 1422.911812][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[ 1422.919781][    C1] RBP: ffffc900001b09f0 R08: dffffc0000000000 R09: fffff520000360b9
[ 1422.927771][    C1] R10: fffff520000360b9 R11: 1ffff920000360b8 R12: 00000000c0000000
[ 1422.935856][    C1] R13: dffffc0000000000 R14: 0000000000000003 R15: ffff8881138fe400
[ 1422.943853][    C1] FS:  0000555575bd5500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1422.952797][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1422.959386][    C1] CR2: 0000001b30902ff8 CR3: 0000000140b6f000 CR4: 00000000003506a0
[ 1422.967371][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1422.975350][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1422.983779][    C1] Call Trace:
[ 1422.987050][    C1]  <IRQ>
[ 1422.989891][    C1]  tipc_crypto_xmit+0x195e/0x2220
[ 1422.994928][    C1]  ? __cfi_tipc_crypto_xmit+0x10/0x10
[ 1423.000330][    C1]  ? __copy_skb_header+0x49f/0x630
[ 1423.005470][    C1]  tipc_bearer_xmit_skb+0x226/0x380
[ 1423.010680][    C1]  ? __skb_clone+0x47a/0x790
[ 1423.015277][    C1]  ? __cfi_tipc_bearer_xmit_skb+0x10/0x10
[ 1423.021016][    C1]  ? skb_clone+0x228/0x380
[ 1423.025438][    C1]  tipc_disc_timeout+0x6a2/0x830
[ 1423.030399][    C1]  ? __cfi_tipc_disc_timeout+0x10/0x10
[ 1423.035867][    C1]  ? __kasan_check_write+0x14/0x20
[ 1423.040997][    C1]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[ 1423.046552][    C1]  ? __cfi_tipc_disc_timeout+0x10/0x10
[ 1423.052017][    C1]  call_timer_fn+0x46/0x2a0
[ 1423.056523][    C1]  ? __cfi_tipc_disc_timeout+0x10/0x10
[ 1423.061999][    C1]  __run_timers+0x639/0x9a0
[ 1423.066522][    C1]  ? calc_index+0x200/0x200
[ 1423.071042][    C1]  ? kvm_sched_clock_read+0x18/0x40
[ 1423.076251][    C1]  run_timer_softirq+0x6a/0xf0
[ 1423.081032][    C1]  handle_softirqs+0x1d7/0x600
[ 1423.085795][    C1]  __irq_exit_rcu+0x52/0xf0
[ 1423.090400][    C1]  irq_exit_rcu+0x9/0x10
[ 1423.094737][    C1]  sysvec_apic_timer_interrupt+0xa9/0xc0
[ 1423.100395][    C1]  </IRQ>
[ 1423.103332][    C1]  <TASK>
[ 1423.106265][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 1423.112266][    C1] RIP: 0010:exit_to_user_mode_loop+0x4a/0xb0
[ 1423.118357][    C1] Code: 00 e8 ea 4b 59 00 e8 f5 f9 f3 00 fa e8 df d4 8a 03 65 48 8b 05 f7 a0 a3 7e 4c 8b 30 41 f7 c6 0e 30 02 00 74 5b fb 41 f6 c6 08 <74> 05 e8 9f 13 90 03 41 f7 c6 00 10 00 00 74 08 48 89 df e8 4e 01
[ 1423.138003][    C1] RSP: 0000:ffffc90000997ed0 EFLAGS: 00000202
[ 1423.144088][    C1] RAX: 0000000000000001 RBX: ffffc90000997f58 RCX: fccacf6334a17a00
[ 1423.152082][    C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffc90000997f58
[ 1423.160059][    C1] RBP: ffffc90000997ee0 R08: dffffc0000000000 R09: ffffed1023c28ca9
[ 1423.168043][    C1] R10: ffffed1023c28ca9 R11: 1ffff11023c28ca8 R12: 0000000000000000
[ 1423.176021][    C1] R13: 0000000000000000 R14: 0000000000000008 R15: ffff88811e146540
[ 1423.184013][    C1]  exit_to_user_mode_prepare+0x5a/0xa0
[ 1423.189467][    C1]  irqentry_exit_to_user_mode+0x9/0x10
[ 1423.194963][    C1]  irqentry_exit+0x12/0x40
[ 1423.199387][    C1]  sysvec_reschedule_ipi+0x78/0x80
[ 1423.204542][    C1]  asm_sysvec_reschedule_ipi+0x1b/0x20
[ 1423.210004][    C1] RIP: 0033:0x7f05ada4d9b9
[ 1423.214443][    C1] Code: 00 c3 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 41 89 fb 44 8d 56 04 4c 8d 0d 52 46 35 00 89 f0 4c 8d 05 49 26 35 00 89 c2 <81> e2 ff 1f 00 00 49 8b 0c d1 48 39 f1 74 28 48 85 c9 74 29 45 38
[ 1423.234063][    C1] RSP: 002b:00007ffdabd0b6d8 EFLAGS: 00000246
[ 1423.240124][    C1] RAX: 000000008448e621 RBX: 00007f05ae8e5720 RCX: 0000000000002282
[ 1423.248129][    C1] RDX: 000000008448e621 RSI: ffffffff8448e621 RDI: 000000000000000d
[ 1423.256125][    C1] RBP: ffffffff8448e621 R08: 00007f05adda0000 R09: 00007f05adda2000
[ 1423.264121][    C1] R10: 000000008448e625 R11: 000000000000000d R12: 000000000000000d
[ 1423.272097][    C1] R13: 0000000000000000 R14: ffffffff8448effb R15: 0000000000002282
[ 1423.280042][    C1]  ? unix_wait_for_peer+0x1db/0x2e0
[ 1423.285251][    C1]  ? unix_find_other+0x81/0x880
[ 1423.290193][    C1]  ? unix_find_other+0x81/0x880
[ 1423.295042][    C1]  </TASK>
[ 1423.298051][    C1] ---[ end trace 0000000000000000 ]---
[ 1423.330356][    C1] ------------[ cut here ]------------
[ 1423.335846][    C1] refcount_t: saturated; leaking memory.
[ 1423.341626][    C1] WARNING: CPU: 1 PID: 14050 at lib/refcount.c:22 refcount_warn_saturate+0x158/0x1a0
[ 1423.351123][    C1] Modules linked in:
[ 1423.355014][    C1] CPU: 1 PID: 14050 Comm: syz.3.3217 Tainted: G        W          6.1.141-syzkaller-00037-gfa7e0538663e #0
[ 1423.366423][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1423.376479][    C1] RIP: 0010:refcount_warn_saturate+0x158/0x1a0
[ 1423.382647][    C1] Code: 05 01 48 c7 c7 40 a5 a9 85 e8 e4 fa dd fe 0f 0b eb 8b e8 1b b5 0c ff c6 05 7a ab 0b 05 01 48 c7 c7 40 a5 a9 85 e8 c8 fa dd fe <0f> 0b e9 6c ff ff ff e8 fc b4 0c ff c6 05 5f ab 0b 05 01 48 c7 c7
[ 1423.402254][    C1] RSP: 0018:ffffc900001b09e0 EFLAGS: 00010246
[ 1423.408318][    C1] RAX: aa8b6606fa786e00 RBX: 0000000000000001 RCX: ffff88811057a880
[ 1423.416289][    C1] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[ 1423.424288][    C1] RBP: ffffc900001b09f0 R08: dffffc0000000000 R09: fffff520000360b9
[ 1423.432258][    C1] R10: fffff520000360b9 R11: 1ffff920000360b8 R12: ffffc900001b0ba0
[ 1423.440222][    C1] R13: dffffc0000000000 R14: 0000000000000001 R15: ffff8881138fe400
[ 1423.448190][    C1] FS:  00007f265606d6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1423.457130][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1423.463708][    C1] CR2: 0000001b30902ff8 CR3: 000000012fb8b000 CR4: 00000000003506a0
[ 1423.471686][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1423.479632][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1423.487598][    C1] Call Trace:
[ 1423.490879][    C1]  <IRQ>
[ 1423.493698][    C1]  tipc_crypto_xmit+0x1822/0x2220
[ 1423.498704][    C1]  ? __cfi_tipc_crypto_xmit+0x10/0x10
[ 1423.504082][    C1]  ? __copy_skb_header+0x49f/0x630
[ 1423.509194][    C1]  tipc_bearer_xmit_skb+0x226/0x380
[ 1423.514427][    C1]  ? __skb_clone+0x47a/0x790
[ 1423.519019][    C1]  ? __cfi_tipc_bearer_xmit_skb+0x10/0x10
[ 1423.524744][    C1]  ? skb_clone+0x228/0x380
[ 1423.529153][    C1]  tipc_disc_timeout+0x6a2/0x830
[ 1423.534091][    C1]  ? __cfi_tipc_disc_timeout+0x10/0x10
[ 1423.539547][    C1]  ? __kasan_check_write+0x14/0x20
[ 1423.544670][    C1]  ? __cfi__raw_spin_lock_irq+0x10/0x10
[ 1423.550220][    C1]  ? __cfi_tipc_disc_timeout+0x10/0x10
[ 1423.555676][    C1]  call_timer_fn+0x46/0x2a0
[ 1423.560178][    C1]  ? __cfi_tipc_disc_timeout+0x10/0x10
[ 1423.565640][    C1]  __run_timers+0x639/0x9a0
[ 1423.570144][    C1]  ? calc_index+0x200/0x200
[ 1423.574651][    C1]  ? kvm_sched_clock_read+0x18/0x40
[ 1423.579853][    C1]  run_timer_softirq+0x6a/0xf0
[ 1423.584618][    C1]  handle_softirqs+0x1d7/0x600
[ 1423.589383][    C1]  __irq_exit_rcu+0x52/0xf0
[ 1423.593878][    C1]  irq_exit_rcu+0x9/0x10
[ 1423.598112][    C1]  sysvec_apic_timer_interrupt+0xa9/0xc0
[ 1423.603741][    C1]  </IRQ>
[ 1423.606664][    C1]  <TASK>
[ 1423.609571][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 1423.615576][    C1] RIP: 0010:kasan_unpoison+0x7b/0x90
[ 1423.620882][    C1] Code: 48 8d 54 03 01 48 c1 ea 03 48 29 fa 4c 01 fa 31 f6 e8 19 a7 30 03 4c 89 f0 48 83 e0 07 74 0b 4c 01 f3 48 c1 eb 03 42 88 04 3b <5b> 41 5e 41 5f 5d c3 0f 0b eb f5 66 2e 0f 1f 84 00 00 00 00 00 90
[ 1423.640489][    C1] RSP: 0018:ffffc90000cf6e90 EFLAGS: 00000246
[ 1423.646579][    C1] RAX: 0000000000000000 RBX: ffff888135c75000 RCX: 0000000000000000
[ 1423.654575][    C1] RDX: 0000000000000200 RSI: 0000000000000000 RDI: ffffed1026b8ec00
[ 1423.662558][    C1] RBP: ffffc90000cf6ea8 R08: dffffc0000000000 R09: ffffed1026b8ea00
[ 1423.670533][    C1] R10: fffff940009ae3af R11: 1ffffd40009ae3ae R12: ffffea0004d71d74
[ 1423.678512][    C1] R13: 0000000000000001 R14: 0000000000001000 R15: dffffc0000000000
[ 1423.686496][    C1]  __kasan_unpoison_pages+0x24/0x30
[ 1423.691706][    C1]  post_alloc_hook+0xe5/0x210
[ 1423.696424][    C1]  prep_new_page+0x1c/0x110
[ 1423.700926][    C1]  get_page_from_freelist+0x2c7b/0x2cf0
[ 1423.706474][    C1]  ? kasan_set_track+0x60/0x70
[ 1423.711237][    C1]  ? xas_create+0xf67/0x16d0
[ 1423.715888][    C1]  ? xas_store+0x94/0x17d0
[ 1423.720281][    C1]  ? shmem_add_to_page_cache+0x6d8/0xac0
[ 1423.725979][    C1]  ? __mm_populate+0x2e4/0x420
[ 1423.730770][    C1]  ? x64_sys_call+0x8fd/0x9a0
[ 1423.735444][    C1]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1423.741510][    C1]  ? __alloc_pages+0x3a0/0x3a0
[ 1423.746273][    C1]  ? __alloc_pages_bulk+0x9c0/0x9c0
[ 1423.751472][    C1]  __alloc_pages+0x19e/0x3a0
[ 1423.756062][    C1]  ? __cfi___alloc_pages+0x10/0x10
[ 1423.761174][    C1]  ? slab_post_alloc_hook+0x4f/0x2d0
[ 1423.766511][    C1]  ? slab_pre_alloc_hook+0x30/0x1e0
[ 1423.771724][    C1]  ? mem_cgroup_swap_full+0x1a0/0x1a0
[ 1423.777156][    C1]  __folio_alloc+0x12/0x40
[ 1423.781589][    C1]  shmem_alloc_and_acct_folio+0x650/0x870
[ 1423.787313][    C1]  ? shmem_replace_folio+0x590/0x590
[ 1423.792607][    C1]  ? xas_load+0x39e/0x3b0
[ 1423.796940][    C1]  ? __filemap_get_folio+0x93e/0x980
[ 1423.802340][    C1]  ? __cfi___filemap_get_folio+0x10/0x10
[ 1423.807976][    C1]  shmem_get_folio_gfp+0x119f/0x2230
[ 1423.813273][    C1]  ? xas_load+0x39e/0x3b0
[ 1423.817614][    C1]  shmem_fault+0x1ae/0x650
[ 1423.822045][    C1]  ? __cfi_shmem_fault+0x10/0x10
[ 1423.826983][    C1]  ? __kasan_check_write+0x14/0x20
[ 1423.832109][    C1]  ? folio_unlock+0x4f/0x60
[ 1423.836599][    C1]  do_fault+0x1a6f/0x1df0
[ 1423.841002][    C1]  ? sysvec_reschedule_ipi+0x78/0x80
[ 1423.846287][    C1]  ? pte_marker_clear+0x220/0x220
[ 1423.851324][    C1]  ? __this_cpu_preempt_check+0x11/0x20
[ 1423.856871][    C1]  ? memcg_rstat_updated+0x56/0x110
[ 1423.862134][    C1]  handle_mm_fault+0x12fa/0x2640
[ 1423.867075][    C1]  ? __cfi_handle_mm_fault+0x10/0x10
[ 1423.872367][    C1]  __get_user_pages+0x33d/0xd80
[ 1423.877299][    C1]  ? populate_vma_page_range+0x120/0x120
[ 1423.883038][    C1]  ? userfaultfd_unmap_complete+0x275/0x2d0
[ 1423.888978][    C1]  ? do_mmap+0x813/0xcf0
[ 1423.893221][    C1]  __mm_populate+0x2e4/0x420
[ 1423.897807][    C1]  ? __cfi___mm_populate+0x10/0x10
[ 1423.902924][    C1]  vm_mmap_pgoff+0x268/0x3f0
[ 1423.907580][    C1]  ? __kasan_check_read+0x11/0x20
[ 1423.912627][    C1]  ? __cfi_vm_mmap_pgoff+0x10/0x10
[ 1423.917746][    C1]  ? irqentry_exit+0x37/0x40
[ 1423.922338][    C1]  ksys_mmap_pgoff+0xf6/0x1d0
[ 1423.927020][    C1]  __x64_sys_mmap+0xfa/0x110
[ 1423.931612][    C1]  x64_sys_call+0x8fd/0x9a0
[ 1423.936114][    C1]  do_syscall_64+0x4c/0xa0
[ 1423.940528][    C1]  ? clear_bhb_loop+0x30/0x80
[ 1423.945204][    C1]  ? clear_bhb_loop+0x30/0x80
[ 1423.949862][    C1]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1423.955755][    C1] RIP: 0033:0x7f265518e929
[ 1423.960171][    C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1423.979779][    C1] RSP: 002b:00007f265606d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1423.988205][    C1] RAX: ffffffffffffffda RBX: 00007f26553b5fa0 RCX: 00007f265518e929
[ 1423.996177][    C1] RDX: b635773f06ebbeee RSI: 0000000000b36000 RDI: 0000200000000000
[ 1424.004250][    C1] RBP: 00007f2655210b39 R08: ffffffffffffffff R09: 0000000000000000
[ 1424.012223][    C1] R10: 0000000000008031 R11: 0000000000000246 R12: 0000000000000000
[ 1424.020185][    C1] R13: 0000000000000000 R14: 00007f26553b5fa0 R15: 00007ffe38aa5178
[ 1424.028162][    C1]  </TASK>
[ 1424.031184][    C1] ---[ end trace 0000000000000000 ]---
[ 1424.075170][T13655] EXT4-fs (loop1): unmounting filesystem.
[ 1424.081960][T12114] EXT4-fs (loop0): unmounting filesystem.
[ 1424.102639][ T9442] device veth1_macvtap left promiscuous mode
[ 1424.108689][ T9442] device veth0_vlan left promiscuous mode
[ 1424.465571][T14069] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3220'.
[ 1424.559024][T14052] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1424.566376][T14052] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1424.573890][T14052] device bridge_slave_0 entered promiscuous mode
[ 1424.580997][T14052] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1424.588070][T14052] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1424.595597][T14052] device bridge_slave_1 entered promiscuous mode
[ 1424.733671][T14080] loop1: detected capacity change from 0 to 512
[ 1424.810603][ T1348] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[ 1424.884524][T14080] EXT4-fs (loop1): 1 orphan inode deleted
[ 1424.890431][T14080] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1424.901143][T13542] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14
[ 1424.911704][T14080] ext4 filesystem being mounted at /25/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1424.938737][T14052] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1424.938896][T13542] EXT4-fs error (device loop1): ext4_release_dquot:6837: comm kworker/u4:180: Failed to release dquot type 1
[ 1424.945786][T14052] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1424.945868][T14052] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1424.971555][T14052] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1425.120586][ T1348] usb 4-1: Using ep0 maxpacket: 8
[ 1425.152200][ T1348] usb 4-1: unable to get BOS descriptor or descriptor too short
[ 1425.217571][ T1348] usb 4-1: config 4 has an invalid interface number: 147 but max is 0
[ 1425.259395][ T1348] usb 4-1: config 4 contains an unexpected descriptor of type 0x2, skipping
[ 1425.303772][ T1348] usb 4-1: config 4 has no interface number 0
[ 1425.337954][ T1348] usb 4-1: string descriptor 0 read error: -22
[ 1425.371351][ T1348] usb 4-1: New USB device found, idVendor=04f2, idProduct=b746, bcdDevice=8e.6e
[ 1425.385873][T13551] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1425.458921][T13551] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1425.473815][ T1348] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1425.521274][ T9442] tipc: Disabling bearer <udp:syz1>
[ 1425.526582][ T9442] tipc: Left network mode
[ 1425.546146][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[ 1425.556312][ T1348] usb 4-1: Found UVC 0.02 device <unnamed> (04f2:b746)
[ 1425.566346][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[ 1425.580371][ T1348] usb 4-1: No valid video chain found.
[ 1425.600535][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[ 1425.611142][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[ 1425.611295][T13655] EXT4-fs (loop1): unmounting filesystem.
[ 1425.619298][T13551] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1425.632040][T13551] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1425.639491][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[ 1425.648146][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[ 1425.656741][T13551] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1425.663782][T13551] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1425.672442][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[ 1425.680698][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[ 1425.688699][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[ 1425.697447][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[ 1425.716150][T14052] device veth0_vlan entered promiscuous mode
[ 1425.728586][T14052] device veth1_macvtap entered promiscuous mode
[ 1425.755105][ T9442] ------------[ cut here ]------------
[ 1425.760597][ T9442] refcount_t: saturated; leaking memory.
[ 1425.769839][ T1348] usb 4-1: USB disconnect, device number 28
[ 1425.775579][ T9442] WARNING: CPU: 0 PID: 9442 at lib/refcount.c:19 refcount_warn_saturate+0x13c/0x1a0
[ 1425.785178][ T9442] Modules linked in:
[ 1425.789072][ T9442] CPU: 0 PID: 9442 Comm: kworker/u4:9 Tainted: G        W          6.1.141-syzkaller-00037-gfa7e0538663e #0
[ 1425.800559][ T9442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1425.810729][ T9442] Workqueue: netns cleanup_net
[ 1425.815606][ T9442] RIP: 0010:refcount_warn_saturate+0x13c/0x1a0
[ 1425.821847][ T9442] Code: 05 01 48 c7 c7 00 a6 a9 85 e8 00 fb dd fe 0f 0b eb a7 e8 37 b5 0c ff c6 05 95 ab 0b 05 01 48 c7 c7 40 a5 a9 85 e8 e4 fa dd fe <0f> 0b eb 8b e8 1b b5 0c ff c6 05 7a ab 0b 05 01 48 c7 c7 40 a5 a9
[ 1425.830376][ T6817] usb 1-1: new high-speed USB device number 33 using dummy_hcd
[ 1425.841479][ T9442] RSP: 0018:ffffc900063877c0 EFLAGS: 00010246
[ 1425.855089][ T9442] RAX: 31800742075df300 RBX: 0000000000000000 RCX: ffff88811a610000
[ 1425.863088][ T9442] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002
[ 1425.871075][ T9442] RBP: ffffc900063877d0 R08: dffffc0000000000 R09: ffffed103ee04eb4
[ 1425.879041][ T9442] R10: ffffed103ee04eb4 R11: 1ffff1103ee04eb3 R12: 1ffff92000c70f04
[ 1425.887029][ T9442] R13: ffffc90006387840 R14: 0000000000000000 R15: ffff8881168dc68c
[ 1425.895069][ T9442] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1425.904023][ T9442] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1425.910618][ T9442] CR2: 00007f230f381000 CR3: 0000000130601000 CR4: 00000000003506b0
[ 1425.918601][ T9442] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1425.926584][ T9442] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1425.934561][ T9442] Call Trace:
[ 1425.937840][ T9442]  <TASK>
[ 1425.940781][ T9442]  nf_nat_masq_schedule+0x46b/0x4e0
[ 1425.946061][ T9442]  ? __kasan_check_write+0x14/0x20
[ 1425.951214][ T9442]  ? __cfi_device_cmp+0x10/0x10
[ 1425.956066][ T9442]  ? masq_device_event+0xd0/0xd0
[ 1425.961026][ T9442]  ? nfqnl_rcv_dev_event+0x441/0x470
[ 1425.966419][ T9442]  ? rtnl_is_locked+0x15/0x20
[ 1425.971166][ T9442]  masq_device_event+0x9b/0xd0
[ 1425.975933][ T9442]  raw_notifier_call_chain+0xa1/0x110
[ 1425.981342][ T9442]  dev_close_many+0x32d/0x4d0
[ 1425.986016][ T9442]  ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20
[ 1425.992803][ T9442]  ? __cfi_dev_close_many+0x10/0x10
[ 1425.998014][ T9442]  ? wait_for_common+0x54c/0x620
[ 1426.002988][ T9442]  ? __kasan_check_read+0x11/0x20
[ 1426.008016][ T9442]  unregister_netdevice_many+0x439/0x1820
[ 1426.013828][ T9442]  ? __cfi_unregister_netdevice_many+0x10/0x10
[ 1426.019987][ T9442]  ? unregister_netdevice_queue+0x1aa/0x360
[ 1426.025896][ T9442]  ? __cfi_unregister_netdevice_queue+0x10/0x10
[ 1426.032145][ T9442]  ? rcu_barrier+0x7e/0x600
[ 1426.036649][ T9442]  ip6gre_exit_batch_net+0x5a8/0x5f0
[ 1426.042037][ T9442]  ? __cfi_ip6gre_exit_batch_net+0x10/0x10
[ 1426.047866][ T9442]  ? __cfi_ip6gre_exit_batch_net+0x10/0x10
[ 1426.053852][ T9442]  cleanup_net+0x62d/0xb00
[ 1426.058274][ T9442]  ? __cfi_cleanup_net+0x10/0x10
[ 1426.063227][ T9442]  ? pwq_dec_nr_in_flight+0x18c/0x3c0
[ 1426.068604][ T9442]  process_one_work+0x71f/0xc40
[ 1426.073474][ T9442]  worker_thread+0xa29/0x11f0
[ 1426.078165][ T9442]  ? _raw_spin_lock_irqsave+0xb0/0x110
[ 1426.083649][ T9442]  kthread+0x281/0x320
[ 1426.087711][ T9442]  ? __cfi_worker_thread+0x10/0x10
[ 1426.092816][ T9442]  ? __cfi_kthread+0x10/0x10
[ 1426.097397][ T9442]  ret_from_fork+0x1f/0x30
[ 1426.100340][ T6817] usb 1-1: Using ep0 maxpacket: 16
[ 1426.101816][ T9442]  </TASK>
[ 1426.108025][ T6817] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1426.109893][ T9442] ---[ end trace 0000000000000000 ]---
[ 1426.110973][ T9442] ------------[ cut here ]------------
[ 1426.121016][ T6817] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1426.126200][ T9442] WARNING: CPU: 0 PID: 9442 at lib/ref_tracker.c:77 ref_tracker_alloc+0x2ae/0x430
[ 1426.150669][ T9442] Modules linked in:
[ 1426.154580][ T9442] CPU: 0 PID: 9442 Comm: kworker/u4:9 Tainted: G        W          6.1.141-syzkaller-00037-gfa7e0538663e #0
[ 1426.166113][ T9442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1426.176253][ T9442] Workqueue: netns cleanup_net
[ 1426.181092][ T9442] RIP: 0010:ref_tracker_alloc+0x2ae/0x430
[ 1426.186859][ T9442] Code: f9 e5 fe 48 bb 00 00 00 00 00 fc ff df 4c 8b 74 24 08 48 8b 7c 24 10 48 8b 74 24 18 e8 1b 47 66 02 31 c0 eb 6d e8 52 f9 e5 fe <0f> 0b 4d 85 e4 0f 85 09 fe ff ff 4c 8b 64 24 10 4d 8d 74 24 0c 4c
[ 1426.206556][ T9442] RSP: 0018:ffffc900063876a0 EFLAGS: 00010293
[ 1426.212986][ T9442] RAX: ffffffff8289fe1e RBX: dffffc0000000000 RCX: ffff88811a610000
[ 1426.221019][ T9442] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc90006387760
[ 1426.229016][ T9442] RBP: ffffc900063877d0 R08: dffffc0000000000 R09: ffffc900063876e0
[ 1426.237117][ T9442] R10: fffff52000c70eec R11: 1ffff92000c70edc R12: ffff88811bd43738
[ 1426.245142][ T9442] R13: ffff8881168dc6a0 R14: 0000000000000cc0 R15: ffff8881168dc690
[ 1426.253149][ T9442] FS:  0000000000000000(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1426.262164][ T9442] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1426.268770][ T9442] CR2: 00007f230f381000 CR3: 000000010bdb3000 CR4: 00000000003506b0
[ 1426.276789][ T9442] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1426.284809][ T9442] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1426.293406][ T9442] Call Trace:
[ 1426.296712][ T9442]  <TASK>
[ 1426.299659][ T9442]  ? __cfi_ref_tracker_alloc+0x10/0x10
[ 1426.305174][ T9442]  ? kasan_save_alloc_info+0x25/0x30
[ 1426.310528][ T9442]  ? __kasan_kmalloc+0x95/0xb0
[ 1426.315300][ T9442]  ? nf_nat_masq_schedule+0x238/0x4e0
[ 1426.320759][ T9442]  ? kmalloc_trace+0x40/0xb0
[ 1426.325373][ T9442]  nf_nat_masq_schedule+0x338/0x4e0
[ 1426.330619][ T9442]  ? __kasan_check_write+0x14/0x20
[ 1426.335761][ T9442]  ? __cfi_device_cmp+0x10/0x10
[ 1426.340684][ T9442]  ? masq_device_event+0xd0/0xd0
[ 1426.345638][ T9442]  ? nfqnl_rcv_dev_event+0x441/0x470
[ 1426.350963][ T9442]  ? rtnl_is_locked+0x15/0x20
[ 1426.355660][ T9442]  masq_device_event+0x9b/0xd0
[ 1426.360461][ T9442]  raw_notifier_call_chain+0xa1/0x110
[ 1426.365855][ T9442]  dev_close_many+0x32d/0x4d0
[ 1426.370881][ T9442]  ? __ww_mutex_lock_interruptible_slowpath+0x20/0x20
[ 1426.377679][ T9442]  ? __cfi_dev_close_many+0x10/0x10
[ 1426.382931][ T9442]  ? wait_for_common+0x54c/0x620
[ 1426.387893][ T9442]  ? __kasan_check_read+0x11/0x20
[ 1426.392971][ T9442]  unregister_netdevice_many+0x439/0x1820
[ 1426.398723][ T9442]  ? __cfi_unregister_netdevice_many+0x10/0x10
[ 1426.404924][ T9442]  ? unregister_netdevice_queue+0x1aa/0x360
[ 1426.410865][ T9442]  ? __cfi_unregister_netdevice_queue+0x10/0x10
[ 1426.417137][ T9442]  ? rcu_barrier+0x7e/0x600
[ 1426.421751][ T9442]  ip6gre_exit_batch_net+0x5a8/0x5f0
[ 1426.427058][ T9442]  ? __cfi_ip6gre_exit_batch_net+0x10/0x10
[ 1426.432924][ T9442]  ? __cfi_ip6gre_exit_batch_net+0x10/0x10
[ 1426.438756][ T9442]  cleanup_net+0x62d/0xb00
[ 1426.443225][ T9442]  ? __cfi_cleanup_net+0x10/0x10
[ 1426.448185][ T9442]  ? pwq_dec_nr_in_flight+0x18c/0x3c0
[ 1426.453667][ T9442]  process_one_work+0x71f/0xc40
[ 1426.458541][ T9442]  worker_thread+0xa29/0x11f0
[ 1426.463265][ T9442]  ? _raw_spin_lock_irqsave+0xb0/0x110
[ 1426.468759][ T9442]  kthread+0x281/0x320
[ 1426.472870][ T9442]  ? __cfi_worker_thread+0x10/0x10
[ 1426.478005][ T9442]  ? __cfi_kthread+0x10/0x10
[ 1426.482656][ T9442]  ret_from_fork+0x1f/0x30
[ 1426.487103][ T9442]  </TASK>
[ 1426.490146][ T9442] ---[ end trace 0000000000000000 ]---
[ 1426.498825][ T6817] usb 1-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[ 1426.511674][ T6817] usb 1-1: config 0 interface 0 has no altsetting 0
[ 1426.518475][ T6817] usb 1-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[ 1426.527704][ T6817] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1426.584660][ T6817] usb 1-1: config 0 descriptor??
[ 1426.602941][ T1348] ------------[ cut here ]------------
[ 1426.608427][ T1348] WARNING: CPU: 1 PID: 1348 at lib/ref_tracker.c:110 ref_tracker_free+0x5de/0x7c0
[ 1426.617676][ T1348] Modules linked in:
[ 1426.621617][ T1348] CPU: 1 PID: 1348 Comm: kworker/1:9 Tainted: G        W          6.1.141-syzkaller-00037-gfa7e0538663e #0
[ 1426.633008][ T1348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1426.643120][ T1348] Workqueue: events iterate_cleanup_work
[ 1426.648792][ T1348] RIP: 0010:ref_tracker_free+0x5de/0x7c0
[ 1426.654490][ T1348] Code: 85 e8 2e 70 5b 02 43 0f b6 04 2c 84 c0 4c 8b 74 24 08 0f 85 c9 01 00 00 41 8b 3f e8 dc e8 ff ff 4c 89 f6 eb 84 e8 62 f1 e5 fe <0f> 0b 4d 85 ff 0f 85 d3 fa ff ff 4c 8b 24 24 4d 8d 74 24 0c 4c 89
[ 1426.674255][ T1348] RSP: 0018:ffffc900009d7b20 EFLAGS: 00010293
[ 1426.680865][ T1348] RAX: ffffffff828a060e RBX: 1ffff9200013af68 RCX: ffff88810c6f0000
[ 1426.688849][ T1348] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffc900009d7be0
[ 1426.696935][ T1348] RBP: ffffc900009d7c50 R08: dffffc0000000000 R09: ffffc900009d7b60
[ 1426.704939][ T1348] R10: fffff5200013af7c R11: 1ffff9200013af6c R12: ffff8881168dc6a0
[ 1426.712925][ T1348] R13: dffffc0000000000 R14: ffffc900009d7b60 R15: ffff88811bd43738
[ 1426.720913][ T1348] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1426.729849][ T1348] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1426.736445][ T1348] CR2: 0000001b3071cff8 CR3: 000000012523b000 CR4: 00000000003506a0
[ 1426.744521][ T1348] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1426.752509][ T1348] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1426.760513][ T1348] Call Trace:
[ 1426.763791][ T1348]  <TASK>
[ 1426.766727][ T1348]  ? __cfi_ref_tracker_free+0x10/0x10
[ 1426.772155][ T1348]  ? __cfi_device_cmp+0x10/0x10
[ 1426.777013][ T1348]  ? __kasan_check_read+0x11/0x20
[ 1426.782154][ T1348]  ? nf_ct_iterate_cleanup_net+0xe8/0x130
[ 1426.787878][ T1348]  iterate_cleanup_work+0x105/0x1f0
[ 1426.793106][ T1348]  ? __cfi_iterate_cleanup_work+0x10/0x10
[ 1426.798830][ T1348]  ? __schedule+0xb8f/0x14e0
[ 1426.803442][ T1348]  process_one_work+0x71f/0xc40
[ 1426.808302][ T1348]  worker_thread+0xa29/0x11f0
[ 1426.812987][ T1348]  ? _raw_spin_lock_irqsave+0xb0/0x110
[ 1426.818467][ T1348]  kthread+0x281/0x320
[ 1426.822552][ T1348]  ? __cfi_worker_thread+0x10/0x10
[ 1426.827663][ T1348]  ? __cfi_kthread+0x10/0x10
[ 1426.832262][ T1348]  ret_from_fork+0x1f/0x30
[ 1426.836686][ T1348]  </TASK>
[ 1426.839716][ T1348] ---[ end trace 0000000000000000 ]---
[ 1427.181906][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[ 1427.200823][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[ 1427.220277][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[ 1427.228353][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[ 1427.238601][T14100] tipc: Failed to remove unknown binding: 66,1,1/0:1809090838/1809090840
[ 1427.247040][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[ 1427.247255][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[ 1427.263826][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[ 1427.272128][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[ 1427.285072][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[ 1427.305327][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[ 1427.315443][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[ 1427.324661][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[ 1427.332928][T13551] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[ 1427.420038][T14100] device vti0 entered promiscuous mode
[ 1429.592183][T14113] loop1: detected capacity change from 0 to 4096
[ 1429.598910][T14113] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1429.803635][T14113] EXT4-fs (loop1): Test dummy encryption mode enabled
[ 1429.871496][T14113] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1430.898232][ T6817] usbhid 1-1:0.0: can't add hid device: -71
[ 1430.904222][ T6817] usbhid: probe of 1-1:0.0 failed with error -71
[ 1430.912685][ T6817] usb 1-1: USB disconnect, device number 33
[ 1430.938066][T13655] EXT4-fs (loop1): unmounting filesystem.
[ 1431.077212][T14134] tipc: Failed to remove unknown binding: 66,1,1/0:2998144075/2998144077
[ 1431.249414][T14146] overlayfs: failed to resolve './file2': -2
[ 1432.911991][ T9442] device veth1_macvtap left promiscuous mode
[ 1433.776027][T14171] loop4: detected capacity change from 0 to 4096
[ 1433.786729][T14171] EXT4-fs: Ignoring removed mblk_io_submit option
[ 1433.826401][T14171] EXT4-fs (loop4): Test dummy encryption mode enabled
[ 1433.956817][ T9442] device veth0_vlan left promiscuous mode
[ 1434.030734][T14171] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[ 1435.993484][T14052] EXT4-fs (loop4): unmounting filesystem.
[ 1436.311192][T14187] loop1: detected capacity change from 0 to 512
[ 1436.317793][T14187] EXT4-fs: Ignoring removed bh option
[ 1436.488813][T14197] overlayfs: failed to clone upperpath
[ 1439.313366][T14187] EXT4-fs: error -4 creating inode table initialization thread
[ 1439.724068][T14187] EXT4-fs (loop1): mount failed
[ 1439.795466][T14211] tipc: Failed to remove unknown binding: 66,1,1/0:3898135297/3898135299
[ 1439.839174][T14211] device vti0 entered promiscuous mode
[ 1439.968050][ T9442] ------------[ cut here ]------------
[ 1439.973707][ T9442] WARNING: CPU: 1 PID: 9442 at net/ipv4/tcp_ipv4.c:3261 tcp_sk_exit_batch+0xcb/0x140
[ 1439.983584][ T9442] Modules linked in:
[ 1439.987687][ T9442] CPU: 1 PID: 9442 Comm: kworker/u4:9 Tainted: G        W          6.1.141-syzkaller-00037-gfa7e0538663e #0
[ 1439.999175][ T9442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1440.009409][ T9442] Workqueue: netns cleanup_net
[ 1440.014237][ T9442] RIP: 0010:tcp_sk_exit_batch+0xcb/0x140
[ 1440.019975][ T9442] Code: e6 e8 29 dd 45 fd 41 83 fc 01 75 07 e8 fe d8 45 fd eb 19 bf 01 00 00 00 44 89 e6 e8 0f dd 45 fd 45 85 e4 7e 38 e8 e5 d8 45 fd <0f> 0b 49 8d 7e d0 e8 ca 06 01 00 4c 89 f0 48 c1 e8 03 42 80 3c 28
[ 1440.039649][ T9442] RSP: 0018:ffffc90006387c28 EFLAGS: 00010293
[ 1440.045748][ T9442] RAX: ffffffff842a1e8b RBX: ffffc90006387ca0 RCX: ffff88811a610000
[ 1440.053758][ T9442] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000001
[ 1440.061755][ T9442] RBP: ffffc90006387c50 R08: dffffc0000000000 R09: ffffed1022d1b921
[ 1440.069725][ T9442] R10: ffffed1022d1b921 R11: 1ffff11022d1b920 R12: 0000000000000002
[ 1440.077751][ T9442] R13: dffffc0000000000 R14: ffff8881168dc630 R15: ffff8881168dc900
[ 1440.085741][ T9442] FS:  0000000000000000(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1440.094707][ T9442] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1440.101313][ T9442] CR2: 0000001b31d13ff8 CR3: 000000012d8ce000 CR4: 00000000003506a0
[ 1440.109286][ T9442] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1440.117303][ T9442] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1440.125289][ T9442] Call Trace:
[ 1440.128562][ T9442]  <TASK>
[ 1440.131518][ T9442]  ? __cfi_tcp_sk_exit_batch+0x10/0x10
[ 1440.136980][ T9442]  cleanup_net+0x62d/0xb00
[ 1440.141440][ T9442]  ? __cfi_cleanup_net+0x10/0x10
[ 1440.146374][ T9442]  ? pwq_dec_nr_in_flight+0x18c/0x3c0
[ 1440.151789][ T9442]  process_one_work+0x71f/0xc40
[ 1440.156636][ T9442]  worker_thread+0xa29/0x11f0
[ 1440.161355][ T9442]  ? _raw_spin_lock_irqsave+0xb0/0x110
[ 1440.166822][ T9442]  kthread+0x281/0x320
[ 1440.170917][ T9442]  ? __cfi_worker_thread+0x10/0x10
[ 1440.176032][ T9442]  ? __cfi_kthread+0x10/0x10
[ 1440.180637][ T9442]  ret_from_fork+0x1f/0x30
[ 1440.185056][ T9442]  </TASK>
[ 1440.188070][ T9442] ---[ end trace 0000000000000000 ]---
[ 1440.699027][T14224] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3268'.
[ 1441.059290][T14235] tipc: Failed to remove unknown binding: 66,1,1/0:4051592470/4051592472
[ 1441.166657][T14239] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3269'.
[ 1442.605106][   T28] audit: type=1400 audit(1751894802.552:225): avc:  denied  { getattr } for  pid=14245 comm="syz.4.3276" name="/" dev="dax" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1
[ 1442.645337][T14248] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3274'.
[ 1442.793046][T14260] tipc: Failed to remove unknown binding: 66,1,1/0:407007206/407007208
[ 1444.392463][T14279] netlink: 96 bytes leftover after parsing attributes in process `syz.4.3286'.
[ 1444.544174][T14289] loop1: detected capacity change from 0 to 512
[ 1445.627946][T14296] loop3: detected capacity change from 0 to 512
[ 1446.133595][T14289] EXT4-fs (loop1): 1 orphan inode deleted
[ 1446.139354][T14289] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1446.149556][T14289] ext4 filesystem being mounted at /36/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1446.164795][T14296] EXT4-fs (loop3): 1 orphan inode deleted
[ 1446.170609][T14296] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[ 1446.179875][T14296] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1447.453589][T13655] EXT4-fs (loop1): unmounting filesystem.
[ 1447.561427][T14322] loop0: detected capacity change from 0 to 256
[ 1447.568203][T14322] SELinux: security_context_str_to_sid (unconfined_u) failed with errno=-22
[ 1449.494376][T14336] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3296'.
[ 1449.503474][T14336] device bridge_slave_1 left promiscuous mode
[ 1449.509696][T14336] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1450.560223][T14336] device bridge_slave_0 left promiscuous mode
[ 1450.566439][T14336] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1450.707022][T13979] EXT4-fs (loop3): unmounting filesystem.
[ 1451.905589][T14351] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3305'.
[ 1452.115554][ T8397] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[ 1452.295339][T14358] loop1: detected capacity change from 0 to 512
[ 1452.770339][    C0] ==================================================================
[ 1452.778422][    C0] BUG: KASAN: use-after-free in inet_twsk_kill+0x62/0x670
[ 1452.785628][    C0] Read of size 8 at addr ffff8881168dc940 by task syz.0.3309/14364
[ 1452.793514][    C0] 
[ 1452.795835][    C0] CPU: 0 PID: 14364 Comm: syz.0.3309 Tainted: G        W          6.1.141-syzkaller-00037-gfa7e0538663e #0
[ 1452.807197][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1452.817247][    C0] Call Trace:
[ 1452.820520][    C0]  <IRQ>
[ 1452.823362][    C0]  __dump_stack+0x21/0x24
[ 1452.827773][    C0]  dump_stack_lvl+0xee/0x150
[ 1452.832373][    C0]  ? __cfi_dump_stack_lvl+0x8/0x8
[ 1452.837403][    C0]  ? inet_twsk_kill+0x62/0x670
[ 1452.842169][    C0]  ? inet_twsk_kill+0x62/0x670
[ 1452.846933][    C0]  print_address_description+0x71/0x210
[ 1452.852544][    C0]  print_report+0x4a/0x60
[ 1452.856888][    C0]  kasan_report+0x122/0x150
[ 1452.861392][    C0]  ? inet_twsk_kill+0x62/0x670
[ 1452.866158][    C0]  __asan_report_load8_noabort+0x14/0x20
[ 1452.871799][    C0]  inet_twsk_kill+0x62/0x670
[ 1452.876395][    C0]  ? __next_timer_interrupt+0x368/0x3d0
[ 1452.881941][    C0]  ? __cfi_tw_timer_handler+0x10/0x10
[ 1452.887317][    C0]  tw_timer_handler+0x1c/0x20
[ 1452.892008][    C0]  call_timer_fn+0x46/0x2a0
[ 1452.896517][    C0]  ? __cfi_tw_timer_handler+0x10/0x10
[ 1452.901908][    C0]  __run_timers+0x639/0x9a0
[ 1452.906417][    C0]  ? calc_index+0x200/0x200
[ 1452.910924][    C0]  ? kvm_sched_clock_read+0x18/0x40
[ 1452.916133][    C0]  run_timer_softirq+0x6a/0xf0
[ 1452.920911][    C0]  handle_softirqs+0x1d7/0x600
[ 1452.925684][    C0]  ? irqtime_account_irq+0xc4/0x240
[ 1452.930887][    C0]  __irq_exit_rcu+0x52/0xf0
[ 1452.935391][    C0]  irq_exit_rcu+0x9/0x10
[ 1452.939632][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[ 1452.945268][    C0]  </IRQ>
[ 1452.948197][    C0]  <TASK>
[ 1452.951119][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 1452.957099][    C0] RIP: 0010:finish_task_switch+0x173/0x7b0
[ 1452.962911][    C0] Code: 80 3c 2b 00 74 08 4c 89 f7 e8 f9 ed 67 00 4d 8b 2e 4d 85 ed 0f 85 cd 00 00 00 4c 89 e7 e8 55 e1 a3 03 fb 49 8d 9f 48 0b 00 00 <48> 89 d8 48 c1 e8 03 49 bd 00 00 00 00 00 fc ff df 42 0f b6 04 28
[ 1452.982515][    C0] RSP: 0018:ffffc900044bf740 EFLAGS: 00000282
[ 1452.988577][    C0] RAX: 0000000080000001 RBX: ffff88811066f088 RCX: 0000000000000000
[ 1452.996550][    C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 00000000ffffffff
[ 1453.004516][    C0] RBP: ffffc900044bf790 R08: dffffc0000000000 R09: ffffed10222cf79e
[ 1453.012480][    C0] R10: ffffed10222cf79e R11: 1ffff110222cf79d R12: ffff8881f7037d40
[ 1453.020458][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88811066e540
[ 1453.028435][    C0]  ? __switch_to_asm+0x3a/0x60
[ 1453.033205][    C0]  __schedule+0xb8f/0x14e0
[ 1453.037630][    C0]  ? raw_irqentry_exit_cond_resched+0x29/0x30
[ 1453.043692][    C0]  ? irqentry_exit+0x37/0x40
[ 1453.048282][    C0]  ? release_firmware_map_entry+0x194/0x194
[ 1453.054176][    C0]  ? ____sys_recvmsg+0x61/0x590
[ 1453.059105][    C0]  ? unix_dgram_recvmsg+0xc7/0xe0
[ 1453.064128][    C0]  preempt_schedule_irq+0x9b/0x110
[ 1453.069235][    C0]  ? __cfi_preempt_schedule_irq+0x10/0x10
[ 1453.074948][    C0]  raw_irqentry_exit_cond_resched+0x29/0x30
[ 1453.080836][    C0]  irqentry_exit+0x37/0x40
[ 1453.085250][    C0]  sysvec_reschedule_ipi+0x78/0x80
[ 1453.090366][    C0]  asm_sysvec_reschedule_ipi+0x1b/0x20
[ 1453.095843][    C0] RIP: 0010:_copy_from_user+0x97/0xc0
[ 1453.101218][    C0] Code: 4c 89 fe 4c 89 f7 e8 b8 f6 80 02 41 89 c7 31 ff 4c 89 fe e8 cb b3 0c ff 4d 85 ff 75 11 e8 01 af 0c ff 4c 89 f8 5b 41 5c 41 5e <41> 5f 5d c3 e8 f0 ae 0c ff 4c 29 fb 49 01 de 4c 89 f7 31 f6 4c 89
[ 1453.120823][    C0] RSP: 0018:ffffc900044bfa48 EFLAGS: 00000246
[ 1453.126896][    C0] RAX: 0000000000000000 RBX: ffffc900044bfac0 RCX: 0000000000080000
[ 1453.134861][    C0] RDX: ffffc9000228d000 RSI: 000000000007ffff RDI: 0000000000080000
[ 1453.142828][    C0] RBP: ffffc900044bfa50 R08: 0000000000000000 R09: fffff52000897f5f
[ 1453.150796][    C0] R10: fffff52000897f5f R11: 1ffff92000897f58 R12: 0000000000000002
[ 1453.158856][    C0] R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000000
[ 1453.166827][    C0]  ___sys_recvmsg+0x12b/0x510
[ 1453.171508][    C0]  ? __sys_recvmsg+0x270/0x270
[ 1453.176279][    C0]  ? asm_sysvec_call_function_single+0x1b/0x20
[ 1453.182435][    C0]  ? do_recvmmsg+0x3dd/0x7a0
[ 1453.187024][    C0]  do_recvmmsg+0x359/0x7a0
[ 1453.191446][    C0]  ? __sys_recvmmsg+0x280/0x280
[ 1453.196303][    C0]  __x64_sys_recvmmsg+0x18d/0x240
[ 1453.201329][    C0]  ? __cfi___x64_sys_recvmmsg+0x10/0x10
[ 1453.206874][    C0]  ? fpregs_assert_state_consistent+0xb1/0xe0
[ 1453.212951][    C0]  x64_sys_call+0x3e7/0x9a0
[ 1453.217455][    C0]  do_syscall_64+0x4c/0xa0
[ 1453.221863][    C0]  ? clear_bhb_loop+0x30/0x80
[ 1453.226537][    C0]  ? clear_bhb_loop+0x30/0x80
[ 1453.231214][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1453.237105][    C0] RIP: 0033:0x7f594658e929
[ 1453.241512][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1453.261116][    C0] RSP: 002b:00007f5947404038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1453.269532][    C0] RAX: ffffffffffffffda RBX: 00007f59467b6080 RCX: 00007f594658e929
[ 1453.277498][    C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000006
[ 1453.285470][    C0] RBP: 00007f5946610b39 R08: 0000000000000000 R09: 0000000000000000
[ 1453.293448][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[ 1453.301410][    C0] R13: 0000000000000001 R14: 00007f59467b6080 R15: 00007ffc30f686d8
[ 1453.309382][    C0]  </TASK>
[ 1453.312394][    C0] 
[ 1453.314721][    C0] Allocated by task 285:
[ 1453.318946][    C0]  kasan_set_track+0x4b/0x70
[ 1453.323535][    C0]  kasan_save_alloc_info+0x25/0x30
[ 1453.328647][    C0]  __kasan_slab_alloc+0x72/0x80
[ 1453.333493][    C0]  slab_post_alloc_hook+0x4f/0x2d0
[ 1453.338606][    C0]  kmem_cache_alloc+0x16e/0x330
[ 1453.343450][    C0]  copy_net_ns+0x145/0x5c0
[ 1453.347884][    C0]  create_new_namespaces+0x3a2/0x660
[ 1453.353169][    C0]  unshare_nsproxy_namespaces+0x120/0x170
[ 1453.358887][    C0]  ksys_unshare+0x4ac/0x7b0
[ 1453.363391][    C0]  __x64_sys_unshare+0x38/0x40
[ 1453.368151][    C0]  x64_sys_call+0x767/0x9a0
[ 1453.372649][    C0]  do_syscall_64+0x4c/0xa0
[ 1453.377055][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1453.382942][    C0] 
[ 1453.385252][    C0] Freed by task 9442:
[ 1453.389215][    C0]  kasan_set_track+0x4b/0x70
[ 1453.393795][    C0]  kasan_save_free_info+0x31/0x50
[ 1453.398818][    C0]  ____kasan_slab_free+0x132/0x180
[ 1453.403923][    C0]  __kasan_slab_free+0x11/0x20
[ 1453.408681][    C0]  slab_free_freelist_hook+0xc2/0x190
[ 1453.414054][    C0]  kmem_cache_free+0x12d/0x300
[ 1453.418814][    C0]  cleanup_net+0xa58/0xb00
[ 1453.423229][    C0]  process_one_work+0x71f/0xc40
[ 1453.428070][    C0]  worker_thread+0xa29/0x11f0
[ 1453.432740][    C0]  kthread+0x281/0x320
[ 1453.436803][    C0]  ret_from_fork+0x1f/0x30
[ 1453.441215][    C0] 
[ 1453.443528][    C0] Last potentially related work creation:
[ 1453.449228][    C0]  kasan_save_stack+0x3a/0x60
[ 1453.453894][    C0]  __kasan_record_aux_stack+0xb6/0xc0
[ 1453.459262][    C0]  kasan_record_aux_stack_noalloc+0xb/0x10
[ 1453.465069][    C0]  insert_work+0x51/0x300
[ 1453.469418][    C0]  __queue_work+0x9b1/0xd30
[ 1453.473916][    C0]  delayed_work_timer_fn+0x61/0x80
[ 1453.479011][    C0]  call_timer_fn+0x46/0x2a0
[ 1453.483500][    C0]  __run_timers+0x667/0x9a0
[ 1453.487989][    C0]  run_timer_softirq+0xb8/0xf0
[ 1453.492732][    C0]  handle_softirqs+0x1d7/0x600
[ 1453.497475][    C0]  __irq_exit_rcu+0x52/0xf0
[ 1453.501959][    C0]  irq_exit_rcu+0x9/0x10
[ 1453.506181][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[ 1453.511793][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 1453.517752][    C0] 
[ 1453.520052][    C0] Second to last potentially related work creation:
[ 1453.526610][    C0]  kasan_save_stack+0x3a/0x60
[ 1453.531266][    C0]  __kasan_record_aux_stack+0xb6/0xc0
[ 1453.536624][    C0]  kasan_record_aux_stack_noalloc+0xb/0x10
[ 1453.542447][    C0]  insert_work+0x51/0x300
[ 1453.546767][    C0]  __queue_work+0x9b1/0xd30
[ 1453.551251][    C0]  delayed_work_timer_fn+0x61/0x80
[ 1453.556346][    C0]  call_timer_fn+0x46/0x2a0
[ 1453.560829][    C0]  __run_timers+0x667/0x9a0
[ 1453.565312][    C0]  run_timer_softirq+0xb8/0xf0
[ 1453.570055][    C0]  handle_softirqs+0x1d7/0x600
[ 1453.574795][    C0]  __irq_exit_rcu+0x52/0xf0
[ 1453.579278][    C0]  irq_exit_rcu+0x9/0x10
[ 1453.583502][    C0]  sysvec_call_function_single+0xa6/0xc0
[ 1453.589121][    C0]  asm_sysvec_call_function_single+0x1b/0x20
[ 1453.595084][    C0] 
[ 1453.597387][    C0] The buggy address belongs to the object at ffff8881168dc600
[ 1453.597387][    C0]  which belongs to the cache net_namespace of size 4224
[ 1453.611676][    C0] The buggy address is located 832 bytes inside of
[ 1453.611676][    C0]  4224-byte region [ffff8881168dc600, ffff8881168dd680)
[ 1453.625016][    C0] 
[ 1453.627320][    C0] The buggy address belongs to the physical page:
[ 1453.633705][    C0] page:ffffea00045a3600 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8881168d9180 pfn:0x1168d8
[ 1453.645231][    C0] head:ffffea00045a3600 order:3 compound_mapcount:0 compound_pincount:0
[ 1453.653593][    C0] flags: 0x4000000000010200(slab|head|zone=1)
[ 1453.659673][    C0] raw: 4000000000010200 0000000000000000 dead000000000122 ffff8881002ade00
[ 1453.668248][    C0] raw: ffff8881168d9180 0000000080070005 00000001ffffffff 0000000000000000
[ 1453.676811][    C0] page dumped because: kasan: bad access detected
[ 1453.683217][    C0] page_owner tracks the page as allocated
[ 1453.688915][    C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 285, tgid 285 (syz-executor), ts 21471083915, free_ts 20741581473
[ 1453.710106][    C0]  post_alloc_hook+0x1f5/0x210
[ 1453.714882][    C0]  prep_new_page+0x1c/0x110
[ 1453.719374][    C0]  get_page_from_freelist+0x2c7b/0x2cf0
[ 1453.724907][    C0]  __alloc_pages+0x19e/0x3a0
[ 1453.729483][    C0]  alloc_slab_page+0x6e/0xf0
[ 1453.734059][    C0]  new_slab+0x98/0x3d0
[ 1453.738112][    C0]  ___slab_alloc+0x6f6/0xb50
[ 1453.742682][    C0]  __slab_alloc+0x5e/0xa0
[ 1453.746999][    C0]  kmem_cache_alloc+0x1b0/0x330
[ 1453.751830][    C0]  copy_net_ns+0x145/0x5c0
[ 1453.756228][    C0]  create_new_namespaces+0x3a2/0x660
[ 1453.761497][    C0]  unshare_nsproxy_namespaces+0x120/0x170
[ 1453.767200][    C0]  ksys_unshare+0x4ac/0x7b0
[ 1453.771687][    C0]  __x64_sys_unshare+0x38/0x40
[ 1453.776438][    C0]  x64_sys_call+0x767/0x9a0
[ 1453.780942][    C0]  do_syscall_64+0x4c/0xa0
[ 1453.785341][    C0] page last free stack trace:
[ 1453.789990][    C0]  free_unref_page_prepare+0x742/0x750
[ 1453.795441][    C0]  free_unref_page+0x8f/0x530
[ 1453.800108][    C0]  __free_pages+0x67/0x100
[ 1453.804503][    C0]  __free_slab+0xca/0x1a0
[ 1453.808846][    C0]  discard_slab+0x29/0x40
[ 1453.813158][    C0]  __slab_free+0x201/0x280
[ 1453.817554][    C0]  ___cache_free+0xbf/0xd0
[ 1453.821950][    C0]  qlist_free_all+0xc6/0x140
[ 1453.826532][    C0]  kasan_quarantine_reduce+0x14a/0x170
[ 1453.831976][    C0]  __kasan_slab_alloc+0x24/0x80
[ 1453.836804][    C0]  slab_post_alloc_hook+0x4f/0x2d0
[ 1453.841896][    C0]  kmem_cache_alloc+0x16e/0x330
[ 1453.846844][    C0]  getname_flags+0xb9/0x500
[ 1453.851412][    C0]  __se_sys_newfstatat+0xdf/0x380
[ 1453.856419][    C0]  __x64_sys_newfstatat+0x9b/0xb0
[ 1453.861426][    C0]  x64_sys_call+0x77c/0x9a0
[ 1453.865914][    C0] 
[ 1453.868217][    C0] Memory state around the buggy address:
[ 1453.873824][    C0]  ffff8881168dc800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1453.881867][    C0]  ffff8881168dc880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1453.889909][    C0] >ffff8881168dc900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1453.897947][    C0]                                            ^
[ 1453.904073][    C0]  ffff8881168dc980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1453.912108][    C0]  ffff8881168dca00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1453.920142][    C0] ==================================================================
[ 1453.928269][    C0] Disabling lock debugging due to kernel taint
[ 1453.934470][    C0] ------------[ cut here ]------------
[ 1453.939915][    C0] refcount_t: decrement hit 0; leaking memory.
[ 1453.946201][    C0] WARNING: CPU: 0 PID: 14364 at lib/refcount.c:31 refcount_warn_saturate+0xe8/0x1a0
[ 1453.946237][    C0] Modules linked in:
[ 1453.946249][    C0] CPU: 0 PID: 14364 Comm: syz.0.3309 Tainted: G    B   W          6.1.141-syzkaller-00037-gfa7e0538663e #0
[ 1453.946271][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[ 1453.946282][    C0] RIP: 0010:refcount_warn_saturate+0xe8/0x1a0
[ 1453.946304][    C0] Code: 05 01 0f 85 99 00 00 00 e8 95 b5 0c ff 5b 41 5e 5d c3 e8 8b b5 0c ff c6 05 ed ab 0b 05 01 48 c7 c7 60 a6 a9 85 e8 38 fb dd fe <0f> 0b eb df e8 6f b5 0c ff c6 05 cf ab 0b 05 01 48 c7 c7 a0 a5 a9
[ 1453.946322][    C0] RSP: 0018:ffffc90000007cb0 EFLAGS: 00010246
[ 1453.946338][    C0] RAX: bfa675e7001b5a00 RBX: 0000000000000004 RCX: ffff88811066e540
[ 1453.946353][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002
[ 1453.946365][    C0] RBP: ffffc90000007cc0 R08: dffffc0000000000 R09: fffff52000000f11
[ 1453.946378][    C0] R10: fffff52000000f11 R11: 1ffff92000000f10 R12: ffff88810ac85220
[ 1453.946392][    C0] R13: dffffc0000000000 R14: 0000000000000004 R15: 0000000000000001
[ 1453.946405][    C0] FS:  00007f59474046c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1453.946423][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1453.946438][    C0] CR2: 0000000000000000 CR3: 000000012e445000 CR4: 00000000003506b0
[ 1453.946456][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1453.946468][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1453.946480][    C0] Call Trace:
[ 1453.946486][    C0]  <IRQ>
[ 1453.946493][    C0]  inet_twsk_kill+0x533/0x670
[ 1453.946521][    C0]  ? __cfi_tw_timer_handler+0x10/0x10
[ 1453.946546][    C0]  tw_timer_handler+0x1c/0x20
[ 1453.946569][    C0]  call_timer_fn+0x46/0x2a0
[ 1453.946593][    C0]  ? __cfi_tw_timer_handler+0x10/0x10
[ 1453.946617][    C0]  __run_timers+0x639/0x9a0
[ 1453.946644][    C0]  ? calc_index+0x200/0x200
[ 1453.946669][    C0]  ? kvm_sched_clock_read+0x18/0x40
[ 1453.946698][    C0]  run_timer_softirq+0x6a/0xf0
[ 1453.946721][    C0]  handle_softirqs+0x1d7/0x600
[ 1453.946749][    C0]  ? irqtime_account_irq+0xc4/0x240
[ 1453.946777][    C0]  __irq_exit_rcu+0x52/0xf0
[ 1453.946796][    C0]  irq_exit_rcu+0x9/0x10
[ 1453.946814][    C0]  sysvec_apic_timer_interrupt+0xa9/0xc0
[ 1453.946838][    C0]  </IRQ>
[ 1453.946845][    C0]  <TASK>
[ 1453.946851][    C0]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 1453.946874][    C0] RIP: 0010:finish_task_switch+0x173/0x7b0
[ 1453.946900][    C0] Code: 80 3c 2b 00 74 08 4c 89 f7 e8 f9 ed 67 00 4d 8b 2e 4d 85 ed 0f 85 cd 00 00 00 4c 89 e7 e8 55 e1 a3 03 fb 49 8d 9f 48 0b 00 00 <48> 89 d8 48 c1 e8 03 49 bd 00 00 00 00 00 fc ff df 42 0f b6 04 28
[ 1453.946917][    C0] RSP: 0018:ffffc900044bf740 EFLAGS: 00000282
[ 1453.946934][    C0] RAX: 0000000080000001 RBX: ffff88811066f088 RCX: 0000000000000000
[ 1453.946949][    C0] RDX: 0000000000000001 RSI: 0000000000000004 RDI: 00000000ffffffff
[ 1453.946961][    C0] RBP: ffffc900044bf790 R08: dffffc0000000000 R09: ffffed10222cf79e
[ 1453.946977][    C0] R10: ffffed10222cf79e R11: 1ffff110222cf79d R12: ffff8881f7037d40
[ 1453.946992][    C0] R13: 0000000000000000 R14: 0000000000000000 R15: ffff88811066e540
[ 1453.947010][    C0]  ? __switch_to_asm+0x3a/0x60
[ 1453.947033][    C0]  __schedule+0xb8f/0x14e0
[ 1453.947061][    C0]  ? raw_irqentry_exit_cond_resched+0x29/0x30
[ 1453.947079][    C0]  ? irqentry_exit+0x37/0x40
[ 1453.947104][    C0]  ? release_firmware_map_entry+0x194/0x194
[ 1453.947133][    C0]  ? ____sys_recvmsg+0x61/0x590
[ 1453.947155][    C0]  ? unix_dgram_recvmsg+0xc7/0xe0
[ 1453.947180][    C0]  preempt_schedule_irq+0x9b/0x110
[ 1453.947197][    C0]  ? __cfi_preempt_schedule_irq+0x10/0x10
[ 1453.947214][    C0]  raw_irqentry_exit_cond_resched+0x29/0x30
[ 1453.947233][    C0]  irqentry_exit+0x37/0x40
[ 1453.947254][    C0]  sysvec_reschedule_ipi+0x78/0x80
[ 1453.947275][    C0]  asm_sysvec_reschedule_ipi+0x1b/0x20
[ 1453.947293][    C0] RIP: 0010:_copy_from_user+0x97/0xc0
[ 1453.947311][    C0] Code: 4c 89 fe 4c 89 f7 e8 b8 f6 80 02 41 89 c7 31 ff 4c 89 fe e8 cb b3 0c ff 4d 85 ff 75 11 e8 01 af 0c ff 4c 89 f8 5b 41 5c 41 5e <41> 5f 5d c3 e8 f0 ae 0c ff 4c 29 fb 49 01 de 4c 89 f7 31 f6 4c 89
[ 1453.947325][    C0] RSP: 0018:ffffc900044bfa48 EFLAGS: 00000246
[ 1453.947338][    C0] RAX: 0000000000000000 RBX: ffffc900044bfac0 RCX: 0000000000080000
[ 1453.947350][    C0] RDX: ffffc9000228d000 RSI: 000000000007ffff RDI: 0000000000080000
[ 1453.947361][    C0] RBP: ffffc900044bfa50 R08: 0000000000000000 R09: fffff52000897f5f
[ 1453.947373][    C0] R10: fffff52000897f5f R11: 1ffff92000897f58 R12: 0000000000000002
[ 1453.947384][    C0] R13: dffffc0000000000 R14: 0000000000000002 R15: 0000000000000000
[ 1453.947399][    C0]  ___sys_recvmsg+0x12b/0x510
[ 1453.947419][    C0]  ? __sys_recvmsg+0x270/0x270
[ 1454.281208][   T28] audit: type=1400 audit(1751894813.912:226): avc:  denied  { read } for  pid=85 comm="syslogd" name="log" dev="sda1" ino=2010 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:var_t tclass=lnk_file permissive=1
[ 1454.285371][    C0]  ? asm_sysvec_call_function_single+0x1b/0x20
[ 1454.308224][   T28] audit: type=1400 audit(1751894813.912:227): avc:  denied  { search } for  pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1454.311546][    C0]  ? do_recvmmsg+0x3dd/0x7a0
[ 1454.311574][    C0]  do_recvmmsg+0x359/0x7a0
[ 1454.318904][   T28] audit: type=1400 audit(1751894813.912:228): avc:  denied  { write } for  pid=85 comm="syslogd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1454.322381][    C0]  ? __sys_recvmmsg+0x280/0x280
[ 1454.342300][   T28] audit: type=1400 audit(1751894813.912:229): avc:  denied  { add_name } for  pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1
[ 1454.348032][    C0]  __x64_sys_recvmmsg+0x18d/0x240
[ 1454.356238][   T28] audit: type=1400 audit(1751894813.912:230): avc:  denied  { create } for  pid=85 comm="syslogd" name="messages" scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1454.363966][    C0]  ? __cfi___x64_sys_recvmmsg+0x10/0x10
[ 1454.363992][    C0]  ? fpregs_assert_state_consistent+0xb1/0xe0
[ 1454.372241][   T28] audit: type=1400 audit(1751894813.912:231): avc:  denied  { append open } for  pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1454.379906][    C0]  x64_sys_call+0x3e7/0x9a0
[ 1454.403494][T14358] EXT4-fs (loop1): 1 orphan inode deleted
[ 1454.418991][    C0]  do_syscall_64+0x4c/0xa0
[ 1454.419017][    C0]  ? clear_bhb_loop+0x30/0x80
[ 1454.419037][    C0]  ? clear_bhb_loop+0x30/0x80
[ 1454.419055][    C0]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[ 1454.425203][T14358] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[ 1454.446434][    C0] RIP: 0033:0x7f594658e929
[ 1454.446454][    C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1454.451711][T14358] ext4 filesystem being mounted at /38/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1454.455414][    C0] RSP: 002b:00007f5947404038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[ 1454.455438][    C0] RAX: ffffffffffffffda RBX: 00007f59467b6080 RCX: 00007f594658e929
[ 1454.498581][   T28] audit: type=1400 audit(1751894813.912:232): avc:  denied  { getattr } for  pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=5 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1
[ 1454.501923][    C0] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000006
[ 1454.501940][    C0] RBP: 00007f5946610b39 R08: 0000000000000000 R09: 0000000000000000
[ 1454.501952][    C0] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[ 1454.697325][    C0] R13: 0000000000000001 R14: 00007f59467b6080 R15: 00007ffc30f686d8
[ 1454.705317][    C0]  </TASK>
[ 1454.708334][    C0] ---[ end trace 0000000000000000 ]---
[ 1454.872495][T13655] EXT4-fs (loop1): unmounting filesystem.